Antispywareupdates.net infected me good [RESOLVED]


  • This topic is locked

#1
KenGuy5472

    New Member

  • Member
  • 7 posts
I have just been recently infected with what has been quite a pain of a virus recently.
I don't know if anyone's heard of this before, but the most obvious sign of infection is that my desktop wallpaper has been changed to a blue background with a "Warning: Spyware Threat" wallpaper with a link to Also, I have a phony warning popup in the notification area and Internet Explorer windows opening every five minutes about security center and fake antivirus programs.

This PC was working fine this weekend until my friend came over recently and went to some free online games website and probably unknowingly clicked an ad, so now I'm suffering it in the form of my computer not being able to install programs completely, having to manually start explorer.exe (which is probably infected) on bootup, and not being able to open task manager.

I don't want to have to back up all my files and reinstall Windows, so I put my faith in this site to see what I can do to get this back up and running.

There's no chance of us buying a new computer any time soon, so if I can get rid of this junk and never have to see a trace of it again, I will learn to monitor my friends when they use the computer from now on, and would be in so much debt to whoever can help me with this! :)

Here is my HijackThis Log:

===================================
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:03:24 PM, on 3/16/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\mgmrwmrv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\WINDOWS\mrofinu72.exe
C:\Program Files\webHancer\Programs\whagent.exe
C:\PROGRA~1\COMMON~1\AOL\120565~1\EE\AOLHOS~1.EXE
C:\PROGRA~1\COMMON~1\AOL\120565~1\EE\AOLServiceHost.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\WINDOWS\WNSXS~1\nopdb.exe
C:\Documents and Settings\Owner\My Documents\s?mbols\s?chost.exe
C:\Program Files\QdrModule\QdrModule13.exe
C:\Program Files\QdrPack\QdrPack14.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Nero\Nero 7\Core\nero.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Nero\Nero 7\Core\nero.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\mgmrwmrv.exe,
O2 - BHO: (no name) - {00000250-0320-4dd4-be4f-7566d2314352} - (no file)
O2 - BHO: (no name) - {13197ace-6851-45c3-a7ff-c281324d5489} - (no file)
O2 - BHO: (no name) - {15651c7c-e812-44a2-a9ac-b467a2233e7d} - (no file)
O2 - BHO: (no name) - {3B6BCEE2-5225-7A89-5160-2900BEC28EB9} - C:\WINDOWS\system32\tzpz.dll
O2 - BHO: (no name) - {4e1075f4-eec4-4a86-add7-cd5f52858c31} - (no file)
O2 - BHO: (no name) - {4e7bd74f-2b8d-469e-92c6-ce7eb590a94d} - (no file)
O2 - BHO: (no name) - {5929cd6e-2062-44a4-b2c5-2c7e78fbab38} - (no file)
O2 - BHO: (no name) - {5dafd089-24b1-4c5e-bd42-8ca72550717b} - (no file)
O2 - BHO: (no name) - {5fa6752a-c4a0-4222-88c2-928ae5ab4966} - (no file)
O2 - BHO: (no name) - {622cc208-b014-4fe0-801b-874a5e5e403a} - (no file)
O2 - BHO: BatBHO - {63F7460B-C831-4142-A4AA-5EC303EC4343} - C:\Program Files\Bat\Bat.dll
O2 - BHO: BndFibu7 IE Helper - {8041E642-8CFC-4720-BC9D-D2DB8904286F} - C:\Program Files\QdrDrive\QdrDrive12.dll
O2 - BHO: (no name) - {8674aea0-9d3d-11d9-99dc-00600f9a01f1} - (no file)
O2 - BHO: (no name) - {965a592f-8efa-4250-8630-7960230792f1} - (no file)
O2 - BHO: (no name) - {9c5b2f29-1f46-4639-a6b4-828942301d3e} - (no file)
O2 - BHO: (no name) - {A0DA0925-8220-49A7-8E58-A5AB690AC365} - C:\Program Files\MSN Gaming Zone\mero555077.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: WhIeHelperObj Class - {c900b400-cdfe-11d3-976a-00e02913a9e0} - C:\Program Files\webHancer\programs\whiehlpr.dll
O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765728274} - (no file)
O2 - BHO: (no name) - {fc3a74e5-f281-4f10-ae1e-733078684f3c} - (no file)
O2 - BHO: (no name) - {ffff0001-0002-101a-a3c9-08002b2f49fb} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1205654771\EE\AOLHostManager.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu72.exe 61A847B5BBF72815308B2B27128065E9C084320161C4661227A755E9C2933154389A
O4 - HKLM\..\Run: [webHancer Agent] C:\Program Files\webHancer\Programs\whagent.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Ealb] "C:\WINDOWS\WNSXS~1\nopdb.exe" -vt yazb
O4 - HKCU\..\Run: [Vqlz] "C:\Documents and Settings\Owner\My Documents\s?mbols\s?chost.exe"
O4 - HKCU\..\Run: [QdrModule13] "C:\Program Files\QdrModule\QdrModule13.exe"
O4 - HKCU\..\Run: [QdrPack14] "C:\Program Files\QdrPack\QdrPack14.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-21-1418799423-3444146386-1450228041-1006\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe (User '?')
O4 - HKUS\S-1-5-21-1418799423-3444146386-1450228041-1006\..\Run: [Ealb] "C:\WINDOWS\WNSXS~1\nopdb.exe" -vt yazb (User '?')
O4 - HKUS\S-1-5-21-1418799423-3444146386-1450228041-1006\..\Run: [Vqlz] "C:\Documents and Settings\Owner\My Documents\s?mbols\s?chost.exe" (User '?')
O4 - HKUS\S-1-5-21-1418799423-3444146386-1450228041-1006\..\Run: [QdrModule13] "C:\Program Files\QdrModule\QdrModule13.exe" (User '?')
O4 - HKUS\S-1-5-21-1418799423-3444146386-1450228041-1006\..\Run: [QdrPack14] "C:\Program Files\QdrPack\QdrPack14.exe" (User '?')
O4 - HKUS\S-1-5-21-1418799423-3444146386-1450228041-1006\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" (User '?')
O4 - S-1-5-21-1418799423-3444146386-1450228041-1006 Startup: Bat - Auto Update.lnk = C:\Program Files\Bat\Bat.exe (User '?')
O4 - Startup: Bat - Auto Update.lnk = C:\Program Files\Bat\Bat.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1205649641354
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 8296 bytes


Again, so much thanks to any replies!

Edited by Rorschach112, 16 March 2008 - 06:44 PM.
removed live link

  • 0



#2
kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Hello KenGuy5472

Welcome to G2Go. :)
=====================
The first thing I will need you to do is to download this anti-virus program and install it.
This is free.
AVG free
=============================================
Download ComboFix from one of the locations below, and save it to your Desktop.

Link 1
Link 2
Link 3

Double-click combofix.exe and follow the prompts. Please, never rename ComboFix unless instructed.
When finished, it shall produce a log for you. Post that log and a HijackThis log in your next reply.
Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.
  • 0

#3
KenGuy5472

    New Member

  • Topic Starter
  • Member
  • 7 posts
Alright, after downloading AVG Free, I ran Combofix and left the command prompt to do its thing, but after it was all done it said the window should close shortly after creating a log file, so I left to go eat dinner, but then when I came back it was still open, so I closed it, which I hope didn't interrupt it.

Here is my combofix log:
ComboFix 08-03-14.4 - Owner 2008-03-16 19:30:50.1 - NTFSx86
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\Program Files\Common Files\Yazzle1552OinAdmin.exe
C:\Program Files\Common Files\Yazzle1552OinUninstaller.exe
C:\WINDOWS\180ax.exe
C:\WINDOWS\2020search.dll
C:\WINDOWS\2020search2.dll
C:\WINDOWS\bjam.dll
C:\WINDOWS\bokja.exe
C:\WINDOWS\cdsm32.dll
C:\WINDOWS\default.htm
C:\WINDOWS\mrofinu72.exe
C:\WINDOWS\mspphe.dll
C:\WINDOWS\mssvr.exe
C:\WINDOWS\saiemod.dll
C:\WINDOWS\salm.exe
C:\WINDOWS\stcloader.exe
C:\WINDOWS\swin32.dll
C:\WINDOWS\system32\000070.exe
C:\WINDOWS\system32\000090.exe
C:\WINDOWS\system32\msixu.dll
C:\WINDOWS\system32\wer8274.dll
C:\WINDOWS\TEMP\salm.exe
C:\WINDOWS\updatetc.exe
C:\WINDOWS\voiceip.dll

----- BITS: Possible infected sites -----

hxxp://80.93.48.74
.
((((((((((((((((((((((((( Files Created from 2008-02-16 to 2008-03-16 )))))))))))))))))))))))))))))))
.

No new files created in this timespan

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.

------- Sigcheck -------

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-03-16 02:29 171448 C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe]
"Ealb"="C:\WINDOWS\WNSXS~1\nopdb.exe" [2008-03-16 11:47 135680 C:\WINDOWS\WNSXS~1\nopdb.exe]
"Vqlz"="C:\Documents and Settings\Owner\My Documents\s?mbols\s?chost.exe" []
"QdrModule13"="C:\Program Files\QdrModule\QdrModule13.exe" [2008-03-06 21:22 385024 C:\Program Files\QdrModule\QdrModule13.exe]
"QdrPack14"="C:\Program Files\QdrPack\QdrPack14.exe" [2008-03-13 17:02 364544 C:\Program Files\QdrPack\QdrPack14.exe]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-01-15 16:14 147456 C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-06 00:56 108032 C:\WINDOWS\ehome\ehtray.exe]
"@"="" []
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-09-18 10:32 7204864 C:\WINDOWS\system32\nvcpl.dll]
"nwiz"="nwiz.exe" [2005-09-18 10:32 1560576 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-09-18 10:32 86016 C:\WINDOWS\system32\nvmctray.dll]
"HostManager"="C:\Program Files\Common Files\AOL\1205654771\EE\AOLHostManager.exe" [2004-11-03 17:03 125528 C:\Program Files\Common Files\AOL\1205654771\EE\AOLHostManager.exe]
"AOL Spyware Protection"="C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe" [2004-10-18 21:42 79448 C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-03 00:24 45056 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe]
"RTHDCPL"="RTHDCPL.EXE" [2005-09-14 07:38 14977024 C:\WINDOWS\RTHDCPL.EXE]
"Alcmtr"="ALCMTR.EXE" [2005-09-14 07:38 81920 C:\WINDOWS\ALCMTR.EXE]
"SunKistEM"="C:\Program Files\Digital Media Reader\shwiconem.exe" [2004-11-15 19:04 180224 C:\Program Files\Digital Media Reader\shwiconEM.exe]
"runner1"="C:\WINDOWS\mrofinu72.exe" []
"webHancer Agent"="C:\Program Files\webHancer\Programs\whagent.exe" [2007-10-11 13:49 569344 C:\Program Files\webHancer\Programs\whagent.exe]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 15:40 155648 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme
"DisableTaskMgr"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"C:\\Program Files\\America Online 9.0\\waol.exe"=
"C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"=
"C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"=
"C:\\Program Files\\Common Files\\AOL\\1205654771\\EE\\AOLServiceHost.exe"=
"C:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"C:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\AOLSP Scheduler.exe"=
"C:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\asp.exe"=
"C:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"=
"C:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"=

*Newly Created Service* - NMINDEXINGSERVICE
.
Contents of the 'Scheduled Tasks' folder
"2008-03-16 09:03:42 C:\WINDOWS\Tasks\ISP signup reminder 1.job"
- C:\WINDOWS\system32\OOBE\oobebaln.exe
"2008-03-16 09:03:43 C:\WINDOWS\Tasks\ISP signup reminder 2.job"
- C:\WINDOWS\system32\OOBE\oobebaln.exe
"2008-03-16 09:03:43 C:\WINDOWS\Tasks\ISP signup reminder 3.job"
- C:\WINDOWS\system32\OOBE\oobebaln.exe
.



...and here's my HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:57, on 2008-03-16
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\mgmrwmrv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\Program Files\webHancer\Programs\whagent.exe
C:\PROGRA~1\COMMON~1\AOL\120565~1\EE\AOLHOS~1.EXE
C:\PROGRA~1\COMMON~1\AOL\120565~1\EE\AOLServiceHost.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\WINDOWS\WNSXS~1\nopdb.exe
C:\Documents and Settings\Owner\My Documents\s?mbols\s?chost.exe
C:\Program Files\QdrModule\QdrModule13.exe
C:\Program Files\QdrPack\QdrPack14.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Nero\Nero 7\Core\nero.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Nero\Nero 7\Core\nero.exe
C:\WINDOWS\system32\utilman.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\mgmrwmrv.exe,
O2 - BHO: (no name) - {00000250-0320-4dd4-be4f-7566d2314352} - (no file)
O2 - BHO: (no name) - {13197ace-6851-45c3-a7ff-c281324d5489} - (no file)
O2 - BHO: (no name) - {15651c7c-e812-44a2-a9ac-b467a2233e7d} - (no file)
O2 - BHO: (no name) - {3B6BCEE2-5225-7A89-5160-2900BEC28EB9} - C:\WINDOWS\system32\tzpz.dll
O2 - BHO: (no name) - {4e1075f4-eec4-4a86-add7-cd5f52858c31} - (no file)
O2 - BHO: (no name) - {4e7bd74f-2b8d-469e-92c6-ce7eb590a94d} - (no file)
O2 - BHO: (no name) - {5929cd6e-2062-44a4-b2c5-2c7e78fbab38} - (no file)
O2 - BHO: (no name) - {5dafd089-24b1-4c5e-bd42-8ca72550717b} - (no file)
O2 - BHO: (no name) - {5fa6752a-c4a0-4222-88c2-928ae5ab4966} - (no file)
O2 - BHO: (no name) - {622cc208-b014-4fe0-801b-874a5e5e403a} - (no file)
O2 - BHO: BatBHO - {63F7460B-C831-4142-A4AA-5EC303EC4343} - C:\Program Files\Bat\Bat.dll
O2 - BHO: BndFibu7 IE Helper - {8041E642-8CFC-4720-BC9D-D2DB8904286F} - C:\Program Files\QdrDrive\QdrDrive12.dll
O2 - BHO: (no name) - {8674aea0-9d3d-11d9-99dc-00600f9a01f1} - (no file)
O2 - BHO: (no name) - {965a592f-8efa-4250-8630-7960230792f1} - (no file)
O2 - BHO: (no name) - {9c5b2f29-1f46-4639-a6b4-828942301d3e} - (no file)
O2 - BHO: (no name) - {A0DA0925-8220-49A7-8E58-A5AB690AC365} - C:\Program Files\MSN Gaming Zone\mero555077.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: WhIeHelperObj Class - {c900b400-cdfe-11d3-976a-00e02913a9e0} - C:\Program Files\webHancer\programs\whiehlpr.dll
O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765728274} - (no file)
O2 - BHO: (no name) - {fc3a74e5-f281-4f10-ae1e-733078684f3c} - (no file)
O2 - BHO: (no name) - {ffff0001-0002-101a-a3c9-08002b2f49fb} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1205654771\EE\AOLHostManager.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu72.exe 61A847B5BBF72815308B2B27128065E9C084320161C4661227A755E9C2933154389A
O4 - HKLM\..\Run: [webHancer Agent] C:\Program Files\webHancer\Programs\whagent.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Ealb] "C:\WINDOWS\WNSXS~1\nopdb.exe" -vt yazb
O4 - HKCU\..\Run: [Vqlz] "C:\Documents and Settings\Owner\My Documents\s?mbols\s?chost.exe"
O4 - HKCU\..\Run: [QdrModule13] "C:\Program Files\QdrModule\QdrModule13.exe"
O4 - HKCU\..\Run: [QdrPack14] "C:\Program Files\QdrPack\QdrPack14.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-21-1418799423-3444146386-1450228041-1006\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe (User '?')
O4 - HKUS\S-1-5-21-1418799423-3444146386-1450228041-1006\..\Run: [Ealb] "C:\WINDOWS\WNSXS~1\nopdb.exe" -vt yazb (User '?')
O4 - HKUS\S-1-5-21-1418799423-3444146386-1450228041-1006\..\Run: [Vqlz] "C:\Documents and Settings\Owner\My Documents\s?mbols\s?chost.exe" (User '?')
O4 - HKUS\S-1-5-21-1418799423-3444146386-1450228041-1006\..\Run: [QdrModule13] "C:\Program Files\QdrModule\QdrModule13.exe" (User '?')
O4 - HKUS\S-1-5-21-1418799423-3444146386-1450228041-1006\..\Run: [QdrPack14] "C:\Program Files\QdrPack\QdrPack14.exe" (User '?')
O4 - HKUS\S-1-5-21-1418799423-3444146386-1450228041-1006\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" (User '?')
O4 - S-1-5-21-1418799423-3444146386-1450228041-1006 Startup: Bat - Auto Update.lnk = C:\Program Files\Bat\Bat.exe (User '?')
O4 - Startup: Bat - Auto Update.lnk = C:\Program Files\Bat\Bat.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1205649641354
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 8265 bytes


I can see the difference in the HJ log file size, so good changes must have happened! :)
  • 0

#4
kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Delete your version of Combofix and redownload it from Here to your Desktop.
=============
Then :
A malicious .DLL file is disrupting the LSP chain on your computer. We need to get rid of it.
  • Please download LSPFix from here.
  • Run the LSPFix.exe that you have just finished downloading.
  • Then click Finish>>.

Note: if nothing is listed in the Remove box, then do not continue, as this can result in a disconnected internet.
Rather, post here and let me know.
=======================================
1. Please open Notepad
  • Click Start , then Run
  • Type notepad in the Run box, then hit OK.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

File::
C:\WINDOWS\system32\mgmrwmrv.exe
C:\WINDOWS\system32\tzpz.dll
C:\Program Files\MSN Gaming Zone\mero555077.dll
Folder::
C:\Program Files\Bat
C:\Program Files\QdrDrive
C:\Program Files\webHancer
C:\WINDOWS\WNSXS~1
C:\Program Files\QdrPack
Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Ealb"=-
"Vqlz"=-
"QdrModule13"=-
"QdrPack14"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"runner1"=-
"webHancer Agent"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=-
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=-


3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

Posted Image


5. After reboot (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
  • A new HijackThis log.

  • 0
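
A first-pass triage of a HijackThis log like the ones posted above, as an added example that is not part of the original thread and not HijackThis's or the helper's own method. The heuristics (extra programs chained onto UserInit, BHOs whose file is missing, startup paths containing a "?" the log could not render, and O10 LSP entries) are assumptions chosen to match what this log shows; the sample lines are copied from the log in post #1.

```python
import re
from collections import namedtuple

# Sample lines copied from the HijackThis log posted in this thread (subset).
SAMPLE_LOG = r"""
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\mgmrwmrv.exe,
O2 - BHO: (no name) - {00000250-0320-4dd4-be4f-7566d2314352} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKCU\..\Run: [Vqlz] "C:\Documents and Settings\Owner\My Documents\s?mbols\s?chost.exe"
O4 - HKUS\S-1-5-21-1418799423-3444146386-1450228041-1006\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe (User '?')
O4 - Global Startup: hpoddt01.exe.lnk = ?
O10 - Hijacked Internet access by WebHancer
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

Finding = namedtuple("Finding", "code reason line")

# A HijackThis entry is "<section code> - <detail>", e.g. "O4 - HKLM\..\Run: ...".
ENTRY = re.compile(r"^(F\d|O\d{1,2}) - (.*)$")
# HijackThis appends "(User '<name>')" to per-user entries; the name itself may be "?".
USER_SUFFIX = re.compile(r"\s*\(User '[^']*'\)$")


def _userinit_extras(detail):
    """Return programs chained after the stock userinit.exe in an F2 UserInit line."""
    value = detail.partition("UserInit=")[2]
    programs = [p.strip() for p in value.split(",") if p.strip()]
    return [p for p in programs
            if not p.lower().endswith("\\system32\\userinit.exe")]


def triage(log_text):
    """Return a list of Finding tuples for entries that deserve a closer look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        match = ENTRY.match(line)
        if not match:
            continue  # header, running-process list, blank line
        code, detail = match.groups()

        if code == "F2" and "UserInit=" in detail:
            extras = _userinit_extras(detail)
            if extras:
                findings.append(Finding(
                    code, "UserInit starts extra program(s) at logon: "
                    + ", ".join(extras), line))

        elif code == "O2" and detail.endswith("- (no file)"):
            findings.append(Finding(
                code, "BHO is registered but its file is missing", line))

        elif code == "O4":
            # Drop the "(User '?')" suffix so it is not mistaken for a bad path.
            target = USER_SUFFIX.sub("", detail)
            if target.endswith(".lnk = ?"):
                findings.append(Finding(
                    code, "startup shortcut target could not be resolved", line))
            elif "?" in target:
                findings.append(Finding(
                    code, "startup path contains a character the log could "
                    "not render (possible look-alike file name)", line))

        elif code == "O10" and detail.startswith("Hijacked Internet access by "):
            findings.append(Finding(
                code, "Winsock LSP chain modified by "
                + detail[len("Hijacked Internet access by "):], line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.code}] {f.reason}\n      {f.line}")
```

A finding here only marks an entry for review; deciding what to remove still needs someone who can tell a leftover registration from an active component.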

#5
KenGuy5472

    New Member

  • Topic Starter
  • Member
  • 7 posts
Nothing was listed in the remove box, so I left it alone.
My only slight confusion is why combofix says that it will finish in a few seconds and will open the report log when all it does is sit there and say on the last line that the log will be located in C:\combofix.txt.
Plus it's actually in C:\Combofix\Combofix.txt, but that's just the program I guess.

One thing it said after preparing the report was that it couldn't find what I remember to be called "fdsv_cb".

Thank you for helping prepare that combofix script, the wallpaper is gone now and so is webhancer, you've already helped out much! :)

Now here is my Combofix report:


ComboFix 08-03-14.4 - Owner 2008-03-16 21:01:11.2 - NTFSx86
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Owner\Desktop\CFScript.txt

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\MSN Gaming Zone\mero555077.dll
C:\WINDOWS\180ax.exe
C:\WINDOWS\2020search.dll
C:\WINDOWS\2020search2.dll
C:\WINDOWS\bjam.dll
C:\WINDOWS\bokja.exe
C:\WINDOWS\cdsm32.dll
C:\WINDOWS\default.htm
C:\WINDOWS\mspphe.dll
C:\WINDOWS\mssvr.exe
C:\WINDOWS\saiemod.dll
C:\WINDOWS\salm.exe
C:\WINDOWS\stcloader.exe
C:\WINDOWS\swin32.dll
C:\WINDOWS\system32\mgmrwmrv.exe
C:\WINDOWS\system32\msixu.dll
C:\WINDOWS\system32\tzpz.dll
C:\WINDOWS\system32\wer8274.dll
C:\WINDOWS\TEMP\salm.exe
C:\WINDOWS\updatetc.exe
C:\WINDOWS\voiceip.dll
.
---- Previous Run -------
.
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\Program Files\Common Files\Yazzle1552OinAdmin.exe
C:\Program Files\Common Files\Yazzle1552OinUninstaller.exe
C:\WINDOWS\180ax.exe
C:\WINDOWS\2020search.dll
C:\WINDOWS\2020search2.dll
C:\WINDOWS\bjam.dll
C:\WINDOWS\bokja.exe
C:\WINDOWS\cdsm32.dll
C:\WINDOWS\default.htm
C:\WINDOWS\mrofinu72.exe
C:\WINDOWS\mspphe.dll
C:\WINDOWS\mssvr.exe
C:\WINDOWS\saiemod.dll
C:\WINDOWS\salm.exe
C:\WINDOWS\stcloader.exe
C:\WINDOWS\swin32.dll
C:\WINDOWS\system32\000070.exe
C:\WINDOWS\system32\000090.exe
C:\WINDOWS\system32\msixu.dll
C:\WINDOWS\system32\wer8274.dll
C:\WINDOWS\TEMP\salm.exe
C:\WINDOWS\updatetc.exe
C:\WINDOWS\voiceip.dll

.
((((((((((((((((((((((((( Files Created from 2008-02-17 to 2008-03-17 )))))))))))))))))))))))))))))))
.

No new files created in this timespan

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.

------- Sigcheck -------

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-03-16 02:29 171448 C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe]
"Ealb"="C:\WINDOWS\WNSXS~1\nopdb.exe" [2008-03-16 11:47 135680 C:\WINDOWS\WNSXS~1\nopdb.exe]
"Vqlz"="C:\Documents and Settings\Owner\My Documents\s?mbols\s?chost.exe" []
"QdrModule13"="C:\Program Files\QdrModule\QdrModule13.exe" [2008-03-06 21:22 385024 C:\Program Files\QdrModule\QdrModule13.exe]
"QdrPack14"="C:\Program Files\QdrPack\QdrPack14.exe" [2008-03-13 17:02 364544 C:\Program Files\QdrPack\QdrPack14.exe]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-01-15 16:14 147456 C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-06 00:56 108032 C:\WINDOWS\ehome\ehtray.exe]
"@"="" []
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-09-18 10:32 7204864 C:\WINDOWS\system32\nvcpl.dll]
"nwiz"="nwiz.exe" [2005-09-18 10:32 1560576 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-09-18 10:32 86016 C:\WINDOWS\system32\nvmctray.dll]
"HostManager"="C:\Program Files\Common Files\AOL\1205654771\EE\AOLHostManager.exe" [2004-11-03 17:03 125528 C:\Program Files\Common Files\AOL\1205654771\EE\AOLHostManager.exe]
"AOL Spyware Protection"="C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe" [2004-10-18 21:42 79448 C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-03 00:24 45056 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe]
"RTHDCPL"="RTHDCPL.EXE" [2005-09-14 07:38 14977024 C:\WINDOWS\RTHDCPL.EXE]
"Alcmtr"="ALCMTR.EXE" [2005-09-14 07:38 81920 C:\WINDOWS\ALCMTR.EXE]
"SunKistEM"="C:\Program Files\Digital Media Reader\shwiconem.exe" [2004-11-15 19:04 180224 C:\Program Files\Digital Media Reader\shwiconEM.exe]
"runner1"="C:\WINDOWS\mrofinu72.exe" []
"webHancer Agent"="C:\Program Files\webHancer\Programs\whagent.exe" [2007-10-11 13:49 569344 C:\Program Files\webHancer\Programs\whagent.exe]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 15:40 155648 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme
"DisableTaskMgr"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"C:\\Program Files\\America Online 9.0\\waol.exe"=
"C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"=
"C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"=
"C:\\Program Files\\Common Files\\AOL\\1205654771\\EE\\AOLServiceHost.exe"=
"C:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"C:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\AOLSP Scheduler.exe"=
"C:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\asp.exe"=
"C:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"=
"C:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"=

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7471885f-f334-11dc-92c8-806d6172696f}]
\Shell\AutoRun\command - Install_App.exe

*Newly Created Service* - NMINDEXINGSERVICE
.
Contents of the 'Scheduled Tasks' folder
"2008-03-16 09:03:42 C:\WINDOWS\Tasks\ISP signup reminder 1.job"
- C:\WINDOWS\system32\OOBE\oobebaln.exe
"2008-03-16 09:03:43 C:\WINDOWS\Tasks\ISP signup reminder 2.job"
- C:\WINDOWS\system32\OOBE\oobebaln.exe
"2008-03-16 09:03:43 C:\WINDOWS\Tasks\ISP signup reminder 3.job"
- C:\WINDOWS\system32\OOBE\oobebaln.exe
.



And here is my HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:22, on 2008-03-16
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\Program Files\webHancer\Programs\whagent.exe
C:\PROGRA~1\COMMON~1\AOL\120565~1\EE\AOLHOS~1.EXE
C:\PROGRA~1\COMMON~1\AOL\120565~1\EE\AOLServiceHost.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\WINDOWS\WNSXS~1\nopdb.exe
C:\Documents and Settings\Owner\My Documents\s?mbols\s?chost.exe
C:\Program Files\QdrModule\QdrModule13.exe
C:\Program Files\QdrPack\QdrPack14.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Nero\Nero 7\Core\nero.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Nero\Nero 7\Core\nero.exe
C:\WINDOWS\system32\utilman.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\mgmrwmrv.exe,
O2 - BHO: (no name) - {00000250-0320-4dd4-be4f-7566d2314352} - (no file)
O2 - BHO: (no name) - {13197ace-6851-45c3-a7ff-c281324d5489} - (no file)
O2 - BHO: (no name) - {15651c7c-e812-44a2-a9ac-b467a2233e7d} - (no file)
O2 - BHO: (no name) - {4e1075f4-eec4-4a86-add7-cd5f52858c31} - (no file)
O2 - BHO: (no name) - {4e7bd74f-2b8d-469e-92c6-ce7eb590a94d} - (no file)
O2 - BHO: (no name) - {5929cd6e-2062-44a4-b2c5-2c7e78fbab38} - (no file)
O2 - BHO: (no name) - {5dafd089-24b1-4c5e-bd42-8ca72550717b} - (no file)
O2 - BHO: (no name) - {5fa6752a-c4a0-4222-88c2-928ae5ab4966} - (no file)
O2 - BHO: (no name) - {622cc208-b014-4fe0-801b-874a5e5e403a} - (no file)
O2 - BHO: BatBHO - {63F7460B-C831-4142-A4AA-5EC303EC4343} - C:\Program Files\Bat\Bat.dll
O2 - BHO: BndFibu7 IE Helper - {8041E642-8CFC-4720-BC9D-D2DB8904286F} - C:\Program Files\QdrDrive\QdrDrive12.dll
O2 - BHO: (no name) - {8674aea0-9d3d-11d9-99dc-00600f9a01f1} - (no file)
O2 - BHO: (no name) - {965a592f-8efa-4250-8630-7960230792f1} - (no file)
O2 - BHO: (no name) - {9c5b2f29-1f46-4639-a6b4-828942301d3e} - (no file)
O2 - BHO: (no name) - {A0DA0925-8220-49A7-8E58-A5AB690AC365} - C:\Program Files\MSN Gaming Zone\mero555077.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: WhIeHelperObj Class - {c900b400-cdfe-11d3-976a-00e02913a9e0} - C:\Program Files\webHancer\programs\whiehlpr.dll
O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765728274} - (no file)
O2 - BHO: (no name) - {fc3a74e5-f281-4f10-ae1e-733078684f3c} - (no file)
O2 - BHO: (no name) - {ffff0001-0002-101a-a3c9-08002b2f49fb} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1205654771\EE\AOLHostManager.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu72.exe 61A847B5BBF72815308B2B27128065E9C084320161C4661227A755E9C2933154389A
O4 - HKLM\..\Run: [webHancer Agent] C:\Program Files\webHancer\Programs\whagent.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Ealb] "C:\WINDOWS\WNSXS~1\nopdb.exe" -vt yazb
O4 - HKCU\..\Run: [Vqlz] "C:\Documents and Settings\Owner\My Documents\s?mbols\s?chost.exe"
O4 - HKCU\..\Run: [QdrModule13] "C:\Program Files\QdrModule\QdrModule13.exe"
O4 - HKCU\..\Run: [QdrPack14] "C:\Program Files\QdrPack\QdrPack14.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-21-1418799423-3444146386-1450228041-1006\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe (User '?')
O4 - HKUS\S-1-5-21-1418799423-3444146386-1450228041-1006\..\Run: [Ealb] "C:\WINDOWS\WNSXS~1\nopdb.exe" -vt yazb (User '?')
O4 - HKUS\S-1-5-21-1418799423-3444146386-1450228041-1006\..\Run: [Vqlz] "C:\Documents and Settings\Owner\My Documents\s?mbols\s?chost.exe" (User '?')
O4 - HKUS\S-1-5-21-1418799423-3444146386-1450228041-1006\..\Run: [QdrModule13] "C:\Program Files\QdrModule\QdrModule13.exe" (User '?')
O4 - HKUS\S-1-5-21-1418799423-3444146386-1450228041-1006\..\Run: [QdrPack14] "C:\Program Files\QdrPack\QdrPack14.exe" (User '?')
O4 - HKUS\S-1-5-21-1418799423-3444146386-1450228041-1006\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" (User '?')
O4 - S-1-5-21-1418799423-3444146386-1450228041-1006 Startup: Bat - Auto Update.lnk = C:\Program Files\Bat\Bat.exe (User '?')
O4 - Startup: Bat - Auto Update.lnk = C:\Program Files\Bat\Bat.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O10 - Hijacked Internet access by WebHancer
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1205649641354
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 8153 bytes

Some traces still seem to remain, but I'm sure those will go away with the help of your great knowledge and cleaning tools at bay! :)
  • 0

#6
kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
I am not sure why it is hanging up at that part.
===============================
Please re-open Hijackthis and click on "Do a system scan only"
Then place a check mark next to these entries below:

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\mgmrwmrv.exe,
O2 - BHO: (no name) - {00000250-0320-4dd4-be4f-7566d2314352} - (no file)
O2 - BHO: (no name) - {13197ace-6851-45c3-a7ff-c281324d5489} - (no file)
O2 - BHO: (no name) - {15651c7c-e812-44a2-a9ac-b467a2233e7d} - (no file)
O2 - BHO: (no name) - {4e1075f4-eec4-4a86-add7-cd5f52858c31} - (no file)
O2 - BHO: (no name) - {4e7bd74f-2b8d-469e-92c6-ce7eb590a94d} - (no file)
O2 - BHO: (no name) - {5929cd6e-2062-44a4-b2c5-2c7e78fbab38} - (no file)
O2 - BHO: (no name) - {5dafd089-24b1-4c5e-bd42-8ca72550717b} - (no file)
O2 - BHO: (no name) - {5fa6752a-c4a0-4222-88c2-928ae5ab4966} - (no file)
O2 - BHO: (no name) - {622cc208-b014-4fe0-801b-874a5e5e403a} - (no file)
O2 - BHO: BatBHO - {63F7460B-C831-4142-A4AA-5EC303EC4343} - C:\Program Files\Bat\Bat.dll
O2 - BHO: BndFibu7 IE Helper - {8041E642-8CFC-4720-BC9D-D2DB8904286F} - C:\Program Files\QdrDrive\QdrDrive12.dll
O2 - BHO: (no name) - {8674aea0-9d3d-11d9-99dc-00600f9a01f1} - (no file)
O2 - BHO: (no name) - {965a592f-8efa-4250-8630-7960230792f1} - (no file)
O2 - BHO: (no name) - {9c5b2f29-1f46-4639-a6b4-828942301d3e} - (no file)
O2 - BHO: (no name) - {A0DA0925-8220-49A7-8E58-A5AB690AC365} - C:\Program Files\MSN Gaming Zone\mero555077.dll (file missing)
O2 - BHO: WhIeHelperObj Class - {c900b400-cdfe-11d3-976a-00e02913a9e0} - C:\Program Files\webHancer\programs\whiehlpr.dll
O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765728274} - (no file)
O2 - BHO: (no name) - {fc3a74e5-f281-4f10-ae1e-733078684f3c} - (no file)
O2 - BHO: (no name) - {ffff0001-0002-101a-a3c9-08002b2f49fb} - (no file)
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu72.exe 61A847B5BBF72815308B2B27128065E9C084320161C4661227A755E9C2933154389A
O4 - HKLM\..\Run: [webHancer Agent] C:\Program Files\webHancer\Programs\whagent.exe
O4 - HKCU\..\Run: [Ealb] "C:\WINDOWS\WNSXS~1\nopdb.exe" -vt yazb
O4 - HKCU\..\Run: [Vqlz] "C:\Documents and Settings\Owner\My Documents\s?mbols\s?chost.exe"
O4 - HKCU\..\Run: [QdrModule13] "C:\Program Files\QdrModule\QdrModule13.exe"
O4 - HKCU\..\Run: [QdrPack14] "C:\Program Files\QdrPack\QdrPack14.exe"
O4 - HKUS\S-1-5-21-1418799423-3444146386-1450228041-1006\..\Run: [Ealb] "C:\WINDOWS\WNSXS~1\nopdb.exe" -vt yazb (User '?')
O4 - HKUS\S-1-5-21-1418799423-3444146386-1450228041-1006\..\Run: [Vqlz] "C:\Documents and Settings\Owner\My Documents\s?mbols\s?chost.exe" (User '?')
O4 - HKUS\S-1-5-21-1418799423-3444146386-1450228041-1006\..\Run: [QdrModule13] "C:\Program Files\QdrModule\QdrModule13.exe" (User '?')
O4 - HKUS\S-1-5-21-1418799423-3444146386-1450228041-1006\..\Run: [QdrPack14] "C:\Program Files\QdrPack\QdrPack14.exe" (User '?')
O4 - S-1-5-21-1418799423-3444146386-1450228041-1006 Startup: Bat - Auto Update.lnk = C:\Program Files\Bat\Bat.exe (User '?')
O4 - Startup: Bat - Auto Update.lnk = C:\Program Files\Bat\Bat.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)



Now click on Fix Checked and then close Hijackthis.
===================================
Then please go to Start>Control Panel >Add\Remove programs and remove WebHancer (if present)
========================
Make sure that you paste the following file paths under the yellow bar within the OTMoveit2 program or it will not work correctly.

Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    C:\WINDOWS\WNSXS~1
    C:\Program Files\QdrModule
    C:\Program Files\QdrPack
    C:\WINDOWS\mrofinu72.exe
    C:\WINDOWS\mrofinu72.exe.tmp
    C:\Program Files\Bat
    C:\WINDOWS\system32\mgmrwmrv.exe
    HKLM\software\microsoft\windows\currentversion\policies\system\\DisableTaskMgr
    HKLM\software\microsoft\windows\currentversion\policies\system\\DisableTaskMgr
  • Return to OTMoveIt2, right click in the "Paste List Of Files/Patterns To Search For and Move" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
======================
After all of that, please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
===========================================================
In your next reply please post the following logs:
New Hijackthis log
OTMoveit2
MBAM log

Edited by kahdah, 16 March 2008 - 07:41 PM.

  • 0
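The fix-and-rescan step in the post above can be checked mechanically. The following Python script is an added example, not part of the original thread and not code from HijackThis or the helper: it parses HijackThis entry lines, applies a few triage heuristics, and compares a fix list against the follow-up log. The function names, the heuristics, and the reading of `?` in a path as a character HijackThis could not display are assumptions of this example; the sample lines are a shortened excerpt of the logs in this thread.

```python
import re
from typing import NamedTuple

class Entry(NamedTuple):
    code: str   # HijackThis section code, e.g. "F2", "O2", "O4"
    body: str   # everything after "CODE - "

ENTRY_RE = re.compile(r"^([FNOR]\d{1,2}) - (.*)$")
USER_SUFFIX_RE = re.compile(r"\s*\(User '.*?'\)$")
# A path component (text after a backslash) that contains a '?' placeholder.
ODD_PATH_RE = re.compile(r'\\[^\\"]*\?')

def parse_log(text):
    """Return coded entries only; the header and process list are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m.group(1), m.group(2).strip()))
    return entries

def triage(entry):
    """Return reasons an entry deserves a closer look (heuristics, not verdicts)."""
    reasons = []
    low = entry.body.lower()
    if entry.code == "F2" and "userinit=" in low:
        value = entry.body.split("=", 1)[1]
        progs = [p.strip() for p in value.split(",") if p.strip()]
        extra = [p for p in progs if not p.lower().endswith("\\system32\\userinit.exe")]
        if extra:
            reasons.append("UserInit starts an extra program: " + ", ".join(extra))
    if entry.code in ("O2", "O9") and ("(no file)" in low or "(file missing)" in low):
        reasons.append("registered object has no file on disk")
    if entry.code == "O4":
        command = USER_SUFFIX_RE.sub("", entry.body)
        if ODD_PATH_RE.search(command):
            reasons.append("autostart path contains characters shown as '?'")
    if entry.code == "O10":
        reasons.append("HijackThis reports Winsock/Internet access as hijacked")
    return reasons

def _key(entry):
    return (entry.code, entry.body.lower())

def still_present(fix_list, after_log):
    """Entries that were selected for fixing but still show up in the new log."""
    after = {_key(e) for e in parse_log(after_log)}
    return [e for e in parse_log(fix_list) if _key(e) in after]

def vanished_unrequested(before_log, after_log, fix_list):
    """Entries gone from the new log that nobody asked HijackThis to fix."""
    after = {_key(e) for e in parse_log(after_log)}
    asked = {_key(e) for e in parse_log(fix_list)}
    return [e for e in parse_log(before_log)
            if _key(e) not in after and _key(e) not in asked]

# Shortened excerpt of the first log in this thread (sample input).
BEFORE = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\System32\smss.exe

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\mgmrwmrv.exe,
O2 - BHO: (no name) - {00000250-0320-4dd4-be4f-7566d2314352} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKCU\..\Run: [Vqlz] "C:\Documents and Settings\Owner\My Documents\s?mbols\s?chost.exe"
O4 - HKCU\..\Run: [QdrPack14] "C:\Program Files\QdrPack\QdrPack14.exe"
O4 - Global Startup: hpoddt01.exe.lnk = ?
O10 - Hijacked Internet access by WebHancer
"""

# The matching lines from the helper's "place a check mark" list.
FIX_LIST = r"""F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\mgmrwmrv.exe,
O2 - BHO: (no name) - {00000250-0320-4dd4-be4f-7566d2314352} - (no file)
O4 - HKCU\..\Run: [Vqlz] "C:\Documents and Settings\Owner\My Documents\s?mbols\s?chost.exe"
O4 - HKCU\..\Run: [QdrPack14] "C:\Program Files\QdrPack\QdrPack14.exe"
"""

# The matching lines from the follow-up log.
AFTER = r"""O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
"""

if __name__ == "__main__":
    for e in parse_log(BEFORE):
        for reason in triage(e):
            print(f"[{e.code}] {reason}")
    print("still present after fix:", still_present(FIX_LIST, AFTER))
    print("gone without being selected:", vanished_unrequested(BEFORE, AFTER, FIX_LIST))
```

The heuristics do not flag name-based entries such as `QdrPack14`, which is why the fix list is compared against the new log separately; the `O10` line shows up as removed without having been selected in HijackThis.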

#7
KenGuy5472

    New Member

  • Topic Starter
  • Member
  • 7 posts
Alright, here is the new hijackthis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:07, on 2008-03-17
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\PROGRA~1\COMMON~1\AOL\120565~1\EE\AOLHOS~1.EXE
C:\PROGRA~1\COMMON~1\AOL\120565~1\EE\AOLServiceHost.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\BigFix\BigFix.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1205654771\EE\AOLHostManager.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-21-1418799423-3444146386-1450228041-1006\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe (User '?')
O4 - HKUS\S-1-5-21-1418799423-3444146386-1450228041-1006\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" (User '?')
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1205649641354
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 4738 bytes


OldTimer log:

[Custom Input]
< C:\WINDOWS\WNSXS~1 >
C:\WINDOWS\WіnSxS\WіnSxS moved successfully.
C:\WINDOWS\WіnSxS moved successfully.
< C:\Program Files\QdrModule >
C:\Program Files\QdrModule moved successfully.
< C:\Program Files\QdrPack >
C:\Program Files\QdrPack moved successfully.
< C:\WINDOWS\mrofinu72.exe >
File/Folder C:\WINDOWS\mrofinu72.exe not found.
< C:\WINDOWS\mrofinu72.exe.tmp >
File/Folder C:\WINDOWS\mrofinu72.exe.tmp not found.
< C:\Program Files\Bat >
C:\Program Files\Bat moved successfully.
< C:\WINDOWS\system32\mgmrwmrv.exe >
File/Folder C:\WINDOWS\system32\mgmrwmrv.exe not found.
< HKLM\software\microsoft\windows\currentversion\policies\system\\DisableTaskMgr >
Registry value HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system\\DisableTaskMgr deleted successfully.
< HKLM\software\microsoft\windows\currentversion\policies\system\\DisableTaskMgr >
Registry value HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system\\DisableTaskMgr not found.

OTMoveIt2 by OldTimer - Version 1.0.21 log created on 03162008_220321


And the Malwarebytes log:

Malwarebytes' Anti-Malware 1.08
Database version: 498

Scan type: Full Scan (C:\|E:\|G:\|H:\|I:\|J:\|)
Objects scanned: 476183
Time elapsed: 1 hour(s), 44 minute(s), 34 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 2
Registry Keys Infected: 16
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 18
Files Infected: 60

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
c:\program files\webhancer\Programs\webhdll.dll (Adware.WebHancer) -> Unloaded module successfully.
c:\program files\webhancer\Programs\whiehlpr.dll (Adware.WebHancer) -> Unloaded module successfully.

Registry Keys Infected:
HKEY_CLASSES_ROOT\AppID\{f663b917-591f-4172-8d87-3d7d729007ca} (Adware.Batco) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\bat.batbho (Adware.Batco) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\bat.batbho.1 (Adware.Batco) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{d279bc2b-a85b-4559-8fd9-ddc55f5d402d} (Adware.Batco) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{b80a3586-caa5-41c8-89bf-e617f0b6cfbf} (Adware.Batco) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ism (Adware.ISM) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\QdrModule (Adware.ISM) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\QdrDrive (Adware.ISM) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\BATCO (Adware.Batco) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Batco (Adware.Batco) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\bat.DLL (Adware.Batco) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Bat (Adware.Batco) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Bat (Adware.Batco) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\WR (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\webHancer (Adware.WebHancer) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Outerinfo (Adware.PurityScan) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions\{59a40ac9-e67d-4155-b31d-4b7330fcd2d6} (Adware.PurityScan) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\180searchassistant (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\Program Files\180solutions (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\Program Files\zango (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\Program Files\seekmo (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\Program Files\180search assistant (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\Program Files\Outerinfo (Adware.Outerinfo) -> Quarantined and deleted successfully.
C:\Program Files\Outerinfo\FF (Adware.Outerinfo) -> Quarantined and deleted successfully.
C:\Program Files\Outerinfo\FF\components (Adware.Outerinfo) -> Quarantined and deleted successfully.
C:\Program Files\webHancer (Adware.Webhancer) -> Delete on reboot.
C:\Program Files\webHancer\Programs (Adware.Webhancer) -> Delete on reboot.
C:\Program Files\QdrDrive (Adware.AdBand) -> Quarantined and deleted successfully.
C:\Program Files\ISM (Adware.ISM) -> Quarantined and deleted successfully.
C:\Program Files\stc (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\Sysmnt (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Start Menu\Programs\Internet Speed Monitor (Adware.AdSponsor) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Start Menu\Programs\Outerinfo (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Rabio\Search Enhancer (Adware.SearchEnhancer) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\Rabio (Adware.Rabio) -> Quarantined and deleted successfully.

Files Infected:
c:\program files\webhancer\Programs\webhdll.dll (Adware.WebHancer) -> Delete on reboot.
c:\program files\webhancer\Programs\whiehlpr.dll (Adware.WebHancer) -> Delete on reboot.
C:\Documents and Settings\Owner\Local Settings\Temp\CEMG555077.exe (Adware.TTC) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\outerinfo.ico (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temp\syswcc32.exe (Adware.Webhancer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\CVQWOOA8\syswcc32[1].exe (Adware.Webhancer) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\NJBDKCX7\17PHolmes[1].cmt (Trojan.DownLoader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\QLI3KRPU\CEMG555077[1].exe (Adware.TTC) -> Quarantined and deleted successfully.
C:\MY BACKUP -- 29-02-08 2211\$WINDOWS.~Q\DATA\Documents and Settings\Ken\Local Settings\Temp\nssD.tmp\System.dll (Worm.Voterai) -> Quarantined and deleted successfully.
C:\MY BACKUP -- 29-02-08 2211\$WINDOWS.~Q\DATA\Documents and Settings\Ken\Local Settings\Temp\nsxF.tmp\System.dll (Worm.Voterai) -> Quarantined and deleted successfully.
C:\MY BACKUP -- 29-02-08 2211\EVERYTHING OLD 11-12-07 1838\WINDOWS\Temp\AE8AB41F91F72503.tmp (Malware.Trace) -> Quarantined and deleted successfully.
C:\Program Files\Outerinfo\FF\components\FF.dll (Adware.ClickSpring) -> Quarantined and deleted successfully.
C:\Program Files\Trend Micro\HijackThis\backups\backup-20080316-215548-555.dll (Adware.WebHancer) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Program Files\MSN Gaming Zone\mero555077.dll.vir (Adware.TTC) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\tzpz.dll.vir (Adware.ClickSpring) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{593F298F-B7D6-4A3D-A260-6D7E68E3F587}\RP14\A0024057.dll (Adware.TTC) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{593F298F-B7D6-4A3D-A260-6D7E68E3F587}\RP14\A0024059.dll (Adware.ClickSpring) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{593F298F-B7D6-4A3D-A260-6D7E68E3F587}\RP15\A0024706.exe (Adware.TTC) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{593F298F-B7D6-4A3D-A260-6D7E68E3F587}\RP15\A0024709.exe (Adware.Webhancer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{593F298F-B7D6-4A3D-A260-6D7E68E3F587}\RP15\A0024728.exe (Adware.Webhancer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{593F298F-B7D6-4A3D-A260-6D7E68E3F587}\RP15\A0024734.exe (Adware.TTC) -> Quarantined and deleted successfully.
C:\_OTMoveIt\MovedFiles\03162008_220321\Program Files\Bat\un_BatSetup_15041.exe (Adware.Rabio) -> Quarantined and deleted successfully.
C:\Program Files\180searchassistant\saap.exe (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\Program Files\180searchassistant\sac.exe (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\Program Files\180solutions\sais.exe (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\Program Files\zango\zango.exe (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\Program Files\seekmo\seekmohook.dll (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\Program Files\180search assistant\180sa.exe (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\Program Files\180search assistant\sau.exe (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\Program Files\Outerinfo\Terms.rtf (Adware.Outerinfo) -> Quarantined and deleted successfully.
C:\Program Files\Outerinfo\FF\chrome.manifest (Adware.Outerinfo) -> Quarantined and deleted successfully.
C:\Program Files\Outerinfo\FF\install.rdf (Adware.Outerinfo) -> Quarantined and deleted successfully.
C:\Program Files\Outerinfo\FF\components\OuterinfoAds.xpt (Adware.Outerinfo) -> Quarantined and deleted successfully.
C:\Program Files\webHancer\Programs\whinstaller.exe (Adware.Webhancer) -> Quarantined and deleted successfully.
C:\Program Files\QdrDrive\qdrloader.exe (Adware.AdBand) -> Quarantined and deleted successfully.
C:\Program Files\ISM\ism.exe (Adware.ISM) -> Quarantined and deleted successfully.
C:\Program Files\ISM\Uninstall.exe (Adware.ISM) -> Quarantined and deleted successfully.
C:\Program Files\stc\csv5p070.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\Sysmnt\Ssmgr.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Start Menu\Programs\Internet Speed Monitor\Check Now.lnk (Adware.AdSponsor) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Start Menu\Programs\Internet Speed Monitor\Uninstall.lnk (Adware.AdSponsor) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Start Menu\Programs\Outerinfo\Terms.lnk (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Start Menu\Programs\Outerinfo\Uninstall.lnk (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\avifile32.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\avisynthex32.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\aviwrap32.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\browserad.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\changeurl_30.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\didduid.ini (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\msa64chk.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\msapasrc.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\ntnut.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\shdocpe.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\shdocpl.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\winsb.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\MSNSA32.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ntnut32.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\shdocpe.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SIPSPI32.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\winfrun32.bin (Malware.Trace) -> Quarantined and deleted successfully.


That scan really did take a long time, but that's my hard drive for you!

#8
kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Might have to leave this scan for a while too.
==============================
Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.
If you use Firefox browser:
  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser:
  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.
=================================================================
Please do an online scan with Kaspersky WebScanner
(This scanner is for use with internet explorer only)
Click on "Accept"

You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
  • The program will launch and then begin downloading the latest definition files.
  • Once the files have been downloaded, click on NEXT.
  • Now click on Scan Settings.
  • In the scan settings, make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available, otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK.
  • Now under "select a target to scan": Select My Computer
  • The program will start and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, it will display if your system has been infected.
  • Now click on the Save as Text button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.


#9
KenGuy5472

    New Member

  • Topic Starter
  • Member
  • 7 posts
Er........yeah. I have a more serious problem on my hands than I thought.
Well, the scan most certainly did take a long time.
A 5 hour long time. :)
The results saved in a 9.60 MB text file and I had 378,902 infected objects.
The only reason for this insane amount though, is because I have two folders called "MY BACKUP" that were created by a restore DVD, and I used the DVD twice before because the computer had an important system file corrupted, so I technically have 3 computers on here, if you understand that confusing explanation.
So I backspaced all the entries of infected objects from the MY BACKUP folders (because they're not being used anymore, so infected or not they're not important, probably will delete them to free disk space and reduce virus risk) as well as all the entries for infected files in C:\System Volume Information\_restore{593F298F-B7D6-4A3D-A260-6D7E68E3F587}\RP16\
which were a bunch of exe files, because I wanted to ask you about them.
Would it be safe to just delete the RP16 folder, which is ridden of files infected by Win32.Virut.n?

Here's the edited log, which is now short enough to actually post:

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
2008-03-17 16:16
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 17/03/2008
Kaspersky Anti-Virus database records: 635761
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - Folders:
C:\

Scan Statistics:
Total number of scanned objects: 378902
Number of viruses found: 21
Number of infected objects: 28270
Number of suspicious objects: 0
Duration of the scan process: 05:28:41

Infected Object Name / Virus Name / Last Action
C:\ComboFix\regt.cfexe Infected: Virus.Win32.Virut.n skipped
C:\Documents and Settings\Administrator\Application Data\Microsoft\Installer\{15377C3E-9655-400F-B441-E69F0A6BEAFE}\NewShortcut1_15377C3E9655400FB441E69F0A6BEAFE.exe Infected: Virus.Win32.Virut.n skipped
C:\Documents and Settings\Administrator\Application Data\Microsoft\Installer\{15377C3E-9655-400F-B441-E69F0A6BEAFE}\NewShortcut2_15377C3E9655400FB441E69F0A6BEAFE.EXE Infected: Virus.Win32.Virut.n skipped
C:\Documents and Settings\Administrator\Application Data\Microsoft\Installer\{15377C3E-9655-400F-B441-E69F0A6BEAFE}\NewShortcut3_15377C3E9655400FB441E69F0A6BEAFE.EXE Infected: Virus.Win32.Virut.n skipped
C:\Documents and Settings\All Users\Application Data\AOL\TopSpeed\2.0\aolstderr.txt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\TopSpeed\2.0\aolstdout.txt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\TopSpeed\2.0\cache.db Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\TopSpeed\2.0\server.lock Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\ehRecvr.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Desktop\60 day trial - Office 2003.exe Infected: Virus.Win32.Virut.n skipped
C:\Documents and Settings\Default User\Application Data\Microsoft\Installer\{15377C3E-9655-400F-B441-E69F0A6BEAFE}\NewShortcut1_15377C3E9655400FB441E69F0A6BEAFE.exe Infected: Virus.Win32.Virut.n skipped
C:\Documents and Settings\Default User\Application Data\Microsoft\Installer\{15377C3E-9655-400F-B441-E69F0A6BEAFE}\NewShortcut2_15377C3E9655400FB441E69F0A6BEAFE.EXE Infected: Virus.Win32.Virut.n skipped
C:\Documents and Settings\Default User\Application Data\Microsoft\Installer\{15377C3E-9655-400F-B441-E69F0A6BEAFE}\NewShortcut3_15377C3E9655400FB441E69F0A6BEAFE.EXE Infected: Virus.Win32.Virut.n skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Owner\Application Data\Microsoft\Installer\{15377C3E-9655-400F-B441-E69F0A6BEAFE}\NewShortcut1_15377C3E9655400FB441E69F0A6BEAFE.exe Infected: Virus.Win32.Virut.n skipped
C:\Documents and Settings\Owner\Application Data\Microsoft\Installer\{15377C3E-9655-400F-B441-E69F0A6BEAFE}\NewShortcut2_15377C3E9655400FB441E69F0A6BEAFE.EXE Infected: Virus.Win32.Virut.n skipped
C:\Documents and Settings\Owner\Application Data\Microsoft\Installer\{15377C3E-9655-400F-B441-E69F0A6BEAFE}\NewShortcut3_15377C3E9655400FB441E69F0A6BEAFE.EXE Infected: Virus.Win32.Virut.n skipped
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xzvx5ghh.default\cert8.db Object is locked skipped
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xzvx5ghh.default\formhistory.dat Object is locked skipped
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xzvx5ghh.default\history.dat Object is locked skipped
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xzvx5ghh.default\key3.db Object is locked skipped
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xzvx5ghh.default\parent.lock Object is locked skipped
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xzvx5ghh.default\search.sqlite Object is locked skipped
C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\xzvx5ghh.default\urlclassifier2.sqlite Object is locked skipped
C:\Documents and Settings\Owner\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Owner\Desktop\LSPFix.exe Infected: Virus.Win32.Virut.n skipped
C:\Documents and Settings\Owner\Desktop\OTMoveIt2.exe Infected: Virus.Win32.Virut.n skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Ahead\Nero Home\bl.db Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Ahead\Nero Home\is2.db Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{26D90C04-503D-4597-A8F9-D49FBDB00EFD}\Microsoft\Outlook Express\Folders.dbx Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{26D90C04-503D-4597-A8F9-D49FBDB00EFD}\Microsoft\Outlook Express\Offline.dbx Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\xzvx5ghh.default\Cache\2B3FAA3Dd01 Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\xzvx5ghh.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\xzvx5ghh.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\xzvx5ghh.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\xzvx5ghh.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temp\fla73.tmp Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Owner\My Documents\sуmbols\sνchost.exe Infected: not-a-virus:AdWare.Win32.PurityScan.gw skipped
C:\Documents and Settings\Owner\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Owner\ntuser.dat.LOG Object is locked skipped
C:\Firefox Downloads\ATF-Cleaner.exe Infected: Virus.Win32.Virut.n skipped
C:\Program Files\America Online 9.0\AFLookup.exe Infected: Virus.Win32.Virut.n skipped
C:\Program Files\America Online 9.0\Jiti\Real.exe Infected: Virus.Win32.Virut.n skipped
C:\Program Files\America Online 9.0\Jiti\Real9_codec_upd.exe Infected: Virus.Win32.Virut.n skipped
C:\Program Files\America Online 9.0\Jiti\real_upd.exe Infected: Virus.Win32.Virut.n skipped
C:\Program Files\BigFix\__Data\BigFix\openifvalid.exe Infected: Virus.Win32.Virut.n skipped
C:\Program Files\BigFix\__Data\emachines\BFMsgBox.exe Infected: Virus.Win32.Virut.n skipped
C:\Program Files\BigFix\__Data\emachines\openifvalid.exe Infected: Virus.Win32.Virut.n skipped
C:\Program Files\BigFix\__Data\emachines\ShellExecute.exe Infected: Virus.Win32.Virut.n skipped
C:\Program Files\BigFix\__Data\emachines\__Local\Tmp\eMachines_Vista.dat Object is locked skipped
C:\Program Files\BigFix\__Data\emachines\__Local\Tmp\eMachine_Specific.dat Object is locked skipped
C:\Program Files\BigFix\__Data\emachines\__Local\Tmp\General.dat Object is locked skipped
C:\Program Files\BigFix\__Data\emachines\__Local\Tmp\Security.dat Object is locked skipped
C:\Program Files\BigFix\__Data\emachines\__Local\Tmp\Security_UK.dat Object is locked skipped
C:\Program Files\BigFix\__Data\emachines\__Local\Tmp\UK_Specific.dat Object is locked skipped
C:\Program Files\BigFix\__Data\emachines\__Local\Tmp\Urgent.dat Object is locked skipped
C:\Program Files\BigFix\__Data\emachines\__Local\Tmp\Welcome.dat Object is locked skipped
C:\Program Files\BigFix\__Data\__Global\Logs\20080317.log Object is locked skipped
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe Infected: Virus.Win32.Virut.n skipped
C:\Program Files\Common Files\Ahead\Lib\NeroPatentActivation.exe Infected: Virus.Win32.Virut.n skipped
C:\Program Files\Common Files\Ahead\Lib\NeroScoutOptions.exe Infected: Virus.Win32.Virut.n skipped
C:\Program Files\Common Files\Ahead\Lib\NeroSearchAdvanced.exe Infected: Virus.Win32.Virut.n skipped
C:\Program Files\Common Files\Ahead\Lib\NeroUpgrade.exe Infected: Virus.Win32.Virut.n skipped
C:\Program Files\Common Files\Ahead\Lib\NeTsMan.exe Infected: Virus.Win32.Virut.n skipped
C:\Program Files\Common Files\Ahead\Lib\NiReg.exe Infected: Virus.Win32.Virut.n skipped
C:\Program Files\Common Files\Ahead\Lib\NMBCWriter.exe Infected: Virus.Win32.Virut.n skipped
C:\Program Files\Common Files\Ahead\Lib\NMFirstStart.exe Infected: Virus.Win32.Virut.n skipped
C:\Program Files\Common Files\Ahead\Lib\NMSTranscoder.exe Infected: Virus.Win32.Virut.n skipped
C:\Program Files\Common Files\Ahead\Lib\NMTVServer.exe Infected: Virus.Win32.Virut.n skipped
C:\Program Files\Common Files\Ahead\Lib\NMTvWizard.exe Infected: Virus.Win32.Virut.n skipped
C:\Program Files\Common Files\Ahead\Nero Web\SetupX.exe Infected: Virus.Win32.Virut.n skipped
C:\Program Files\Common Files\Ahead\NeroSlideShow\SlideShw.exe Infected: Virus.Win32.Virut.n skipped
C:\Program Files\Common Files\Ahead\RemoteControl\NeroRemoteCtrlHandler.exe Infected: Virus.Win32.Virut.n skipped
C:\Program Files\Common Files\AOL\ACS\acssetup.exe Infected: Virus.Win32.Virut.n skipped
C:\Program Files\Common Files\AOL\ACS\AcsUninstall.exe Infected: Virus.Win32.Virut.n skipped
C:\Program Files\Common Files\AOL\ACS\ospath.exe Infected: Virus.Win32.Virut.n skipped
C:\Program Files\Common Files\AOL\ACS\US\static Object is locked skipped
C:\Program Files\Common Files\AOL\AOL Spyware Protection\aolserv.exe Infected: Virus.Win32.Virut.n skipped
C:\Program Files\Common Files\AOL\AOL Spyware Protection\UNWISE.EXE Infected: Virus.Win32.Virut.n skipped
C:\Program Files\Common Files\AOL\Backup\ACS\Rollback\AcsRollback.exe Infected: Virus.Win32.Virut.n skipped
C:\Program Files\Common Files\AolCoach\en_en\ab3.exe Infected: Virus.Win32.Virut.n skipped
C:\Program Files\Common Files\AolCoach\en_en\AolCInUn.exe Infected: Virus.Win32.Virut.n skipped
C:\Program Files\Common Files\AolCoach\en_en\player\tranplug.exe Infected: Virus.Win32.Virut.n skipped
C:\Program Files\Common Files\AolCoach\en_en\SetSPath.exe Infected: Virus.Win32.Virut.n skipped
C:\Program Files\Common Files\AolCoach\en_en\upregcond.exe Infected: Virus.Win32.Virut.n skipped
C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe Infected: Virus.Win32.Virut.n skipped
C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver2.exe Infected: Virus.Win32.Virut.n skipped
C:\Program Files\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe Infected: Virus.Win32.Virut.n skipped
C:\Program Files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\DotNetInstaller.exe Infected: Virus.Win32.Virut.n skipped
C:\Program Files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\DotNetInstaller.exe Infected: Virus.Win32.Virut.n skipped
C:\Program Files\Common Files\Microsoft Shared\MSInfo\msinfo32.exe Infected: Virus.Win32.Virut.n skipped
C:\Program Files\Common Files\Microsoft Shared\Speech\sapisvr.exe Infected: Virus.Win32.Virut.n skipped
C:\Program Files\Common Files\Real\Update\rnuninst.exe Infected: Virus.Win32.Virut.n skipped
C:\Program Files\CyberLink\PowerDVD\CLDMA.exe Infected: Virus.Win32.Virut.n skipped
C:\Program Files\CyberLink\PowerDVD\cltest.exe Infected: Virus.Win32.Virut.n skipped
C:\Program Files\CyberLink\PowerDVD\ddtester.exe Infected: Virus.Win32.Virut.n skipped
C:\Program Files\CyberLink\PowerDVD\dvdrgn.exe Infected: Virus.Win32.Virut.n skipped
C:\Program Files\CyberLink\PowerDVD\OLRSubmission\OLRSubmission.exe Infected: Virus.Win32.Virut.n skipped
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe Infected: Virus.Win32.Virut.n skipped
C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe Infected: Virus.Win32.Virut.n skipped
C:\Program Files\Digital Media Reader\shwiconEM.exe Infected: Virus.Win32.Virut.n skipped
C:\Program Files\Hewlett-Packard\Digital Imaging\Album\hpqaprnt.exe Infected: Virus.Win32.Virut.n skipped
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\DestTest.exe Infected: Virus.Win32.Virut.n skipped
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoapm08.exe Infected: Virus.Win32.Virut.n skipped
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpocpy08.exe Infected: Virus.Win32.Virut.n skipped
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe Infected: Virus.Win32.Virut.n skipped
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpokpy08.exe Infected: Virus.Win32.Virut.n skipped
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpolut08.exe Infected: Virus.Win32.Virut.n skipped
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposdn08.exe Infected: Virus.Win32.Virut.n skipped
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposts08.exe Infected: Virus.Win32.Virut.n skipped
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposvc08.exe Infected: Virus.Win32.Virut.n skipped
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe Infected: Virus.Win32.Virut.n skipped
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqanon.exe Infected: Virus.Win32.Virut.n skipped
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqaol08.exe Infected: Virus.Win32.Virut.n skipped
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqclpbd.exe Infected: Virus.Win32.Virut.n skipped
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\Hpqdirec.exe Infected: Virus.Win32.Virut.n skipped
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqdstcp.exe Infected: Virus.Win32.Virut.n skipped
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqEmlsz.exe Infected: Virus.Win32.Virut.n skipped
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqfru07.exe Infected: Virus.Win32.Virut.n skipped
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqfrucl.exe Infected: Virus.Win32.Virut.n skipped
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqirs08.exe Infected: Virus.Win32.Virut.n skipped
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqkygrp.exe Infected: Virus.Win32.Virut.n skipped
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqpos08.exe Infected: Virus.Win32.Virut.n skipped
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqpprop.exe Infected: Virus.Win32.Virut.n skipped
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqprntw.exe Infected: Virus.Win32.Virut.n skipped
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqptc08.exe Infected: Virus.Win32.Virut.n skipped
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqqpj08.exe Infected: Virus.Win32.Virut.n skipped
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqscnvw.exe Infected: Virus.Win32.Virut.n skipped
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtax08.exe Infected: Virus.Win32.Virut.n skipped
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqthb08.exe Infected: Virus.Win32.Virut.n skipped
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqudc08.exe Infected: Virus.Win32.Virut.n skipped
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqvwr08.exe Infected: Virus.Win32.Virut.n skipped
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqwrap.exe Infected: Virus.Win32.Virut.n skipped
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqwrg.exe Infected: Virus.Win32.Virut.n skipped
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpsjrreg.exe Infected: Virus.Win32.Virut.n skipped
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\HPXMLPDF.exe Infected: Virus.Win32.Virut.n skipped
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\svtf.exe Infected: Virus.Win32.Virut.n skipped
C:\Program Files\Hewlett-Packard\Digital Imaging\Diagnostics\HPSysDig.exe Infected: Virus.Win32.Virut.n skipped
C:\Program Files\Hewlett-Packard\Digital Imaging\DocProc\DocProc.exe Infected: Virus.Win32.Virut.n skipped
C:\Program Files\Hewlett-Packard\Digital Imaging\DocProc\dpe_ocr.exe Infected: Virus.Win32.Virut.n skipped
C:\Program Files\Hewlett-Packard\Digital Imaging\DocProc\regipe.exe Infected: Virus.Win32.Virut.n skipped
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\HpqCmon.exe Infected: Virus.Win32.Virut.n skipped
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\HpqPhUnl.exe Infected: Virus.Win32.Virut.n skipped
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\HpqUnSet.exe Infected: Virus.Win32.Virut.n skipped
C:\Program Files\Hewlett-Packard\Digital Imaging\{7C8BB31C-E09E-4c7d-BBF1-45E33B467FE1}\Drivers\dot4\Win2000\HPZinw12.exe Infected: Virus.Win32.Virut.n skipped
C:\Program Files\Hewlett-Packard\Digital Imaging\{7C8BB31C-E09E-4c7d-BBF1-45E33B467FE1}\Drivers\dot4\Win2000\HPZipm12.exe Infected: Virus.Win32.Virut.n skipped
C:\Program Files\Hewlett-Packard\Digital Imaging\{7C8BB31C-E09E-4c7d-BBF1-45E33B467FE1}\hpzglu07.exe Infected: Virus.Win32.Virut.n skipped
C:\Program Files\Hewlett-Packard\Digital Imaging\{7C8BB31C-E09E-4c7d-BBF1-45E33B467FE1}\setup\hpzscr01.exe Infected: Virus.Win32.Virut.n skipped
C:\Program Files\Hewlett-Packard\Digital Imaging\{7C8BB31C-E09E-4c7d-BBF1-45E33B467FE1}\util\AiO\hpopdi05.exe Infected: Virus.Win32.Virut.n skipped
C:\Program Files\Hewlett-Packard\Digital Imaging\{7C8BB31C-E09E-4c7d-BBF1-45E33B467FE1}\util\AiO\hpopin05.exe Infected: Virus.Win32.Virut.n skipped
C:\Program Files\Hewlett-Packard\Digital Imaging\{7C8BB31C-E09E-4c7d-BBF1-45E33B467FE1}\util\common\hpzghl07.exe Infected: Virus.Win32.Virut.n skipped
C:\Program Files\Hewlett-Packard\Digital Imaging\{7C8BB31C-E09E-4c7d-BBF1-45E33B467FE1}\util\common\hpzpin07.exe Infected: Virus.Win32.Virut.n skipped
C:\Program Files\Hewlett-Packard\hpis\bin\mad.exe Infected: Virus.Win32.Virut.n skipped
C:\Program Files\Hewlett-Packard\hpis\bin\matcli.exe Infected: Virus.Win32.Virut.n skipped
C:\Program Files\Hewlett-Packard\hpis\bin\MatcliWrapper.exe Infected: Virus.Win32.Virut.n skipped
C:\Program Files\Hewlett-Packard\hpis\bin\MotiveBrowser.exe Infected: Virus.Win32.Virut.n skipped
C:\Program Files\Hewlett-Packard\hpis\common\MotiveDirectory.exe Infected: Virus.Win32.Virut.n skipped
C:\Program Files\Hewlett-Packard\Memories Disc\hpod.exe Infected: Virus.Win32.Virut.n skipped
C:\Program Files\Hewlett-Packard\Memories Disc\hpodinst.exe Infected: Virus.Win32.Virut.n skipped
C:\Program Files\Hewlett-Packard\Memories Disc\hpodlog.exe Infected: Virus.Win32.Virut.n skipped
C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe Infected: Virus.Win32.Virut.n skipped
C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe Infected: Virus.Win32.Virut.n skipped
C:\Program Files\Internet Explorer\Connection Wizard\icwconn2.exe Infected: Virus.Win32.Virut.n skipped
C:\Program Files\Internet Explorer\Connection Wizard\icwrmind.exe Infected: Virus.Win32.Virut.n skipped
C:\Program Files\Internet Explorer\Connection Wizard\icwtutor.exe Infected: Virus.Win32.Virut.n skipped
C:\Program Files\Internet Explorer\Connection Wizard\inetwiz.exe Infected: Virus.Win32.Virut.n skipped
C:\Program Files\Internet Explorer\Connection Wizard\isignup.exe Infected: Virus.Win32.Virut.n skipped
C:\Program Files\Internet Explorer\gaymoe.EXE Infected: Virus.Win32.Virut.n skipped
C:\Program Files\Internet Explorer\iedw.exe Infected: Virus.Win32.Virut.n skipped
C:\Program Files\Java\jre1.6.0_05\bin\java-rmi.exe Infected: Virus.Win32.Virut.n skipped
C:\Program Files\Java\jre1.6.0_05\bin\java.exe Infected: Virus.Win32.Virut.n skipped
C:\Program Files\Java\jre1.6.0_05\bin\javacpl.exe Infected: Virus.Win32.Virut.n skipped
C:\Program Files\Java\jre1.6.0_05\bin\javaw.exe Infected: Virus.Win32.Virut.n skipped
C:\Program Files\Java\jre1.6.0_05\bin\javaws.exe Infected: Virus.Win32.Virut.n skipped
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe Infected: Virus.Win32.Virut.n skipped
C:\Program Files\Java\jre1.6.0_05\bin\keytool.exe Infected: Virus.Win32.Virut.n skipped
C:\Program Files\Java\jre1.6.0_05\bin\kinit.exe Infected: Virus.Win32.Virut.n skipped
C:\Program Files\Java\jre1.6.0_05\bin\klist.exe Infected: Virus.Win32.Virut.n skipped
C:\Program Files\Java\jre1.6.0_05\bin\ktab.exe Infected: Virus.Win32.Virut.n skipped
C:\Program Files\Java\jre1.6.0_05\bin\orbd.exe Infected: Virus.Win32.Virut.n skipped
C:\Program Files\Java\jre1.6.0_05\bin\pack200.exe Infected: Virus.Win32.Virut.n skipped
C:\Program Files\Java\jre1.6.0_05\bin\policytool.exe Infected: Virus.Win32.Virut.n skipped
C:\Program Files\Java\jre1.6.0_05\bin\rmid.exe Infected: Virus.Win32.Virut.n skipped
C:\Program Files\Java\jre1.6.0_05\bin\rmiregistry.exe Infected: Virus.Win32.Virut.n skipped
C:\Program Files\Java\jre1.6.0_05\bin\servertool.exe Infected: Virus.Win32.Virut.n skipped
C:\Program Files\Java\jre1.6.0_05\bin\tnameserv.exe Infected: Virus.Win32.Virut.n skipped
C:\Program Files\Java\jre1.6.0_05\bin\unpack200.exe Infected: Virus.Win32.Virut.n skipped
C:\Program Files\LimeWire\LimeWire.exe Infected: Virus.Win32.Virut.n skipped
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe Infected: Virus.Win32.Virut.n skipped
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe Infected: Virus.Win32.Virut.n skipped
C:\Program Files\Malwarebytes' Anti-Malware\mbamtrayctrl.exe Infected: Virus.Win32.Virut.n skipped
C:\Program Files\Messenger\msmsgs.exe Infected: Virus.Win32.Virut.n skipped
C:\Program Files\Microsoft Money 2005\MNYCoreFiles\mnybb.exe Infected: Virus.Win32.Virut.n skipped
C:\Program Files\Microsoft Money 2005\MNYCoreFiles\mnybbsvc.exe Infected: Virus.Win32.Virut.n skipped
C:\Program Files\Microsoft Money 2005\MNYCoreFiles\mnycopymar.exe Infected: Virus.Win32.Virut.n skipped
C:\Program Files\Microsoft Money 2005\MNYCoreFiles\mnyimprt.exe Infected: Virus.Win32.Virut.n skipped
C:\Program Files\Microsoft Money 2005\MNYCoreFiles\mnyupdate.exe Infected: Virus.Win32.Virut.n skipped
C:\Program Files\Microsoft Money 2005\MNYCoreFiles\msmoney.exe Infected: Virus.Win32.Virut.n skipped
C:\Program Files\Microsoft Money 2005\MNYCoreFiles\salv.exe Infected: Virus.Win32.Virut.n skipped
C:\Program Files\Microsoft Money 2005\MNYCoreFiles\Setup\uninst.exe Infected: Virus.Win32.Virut.n skipped
C:\Program Files\Microsoft Money 2005\MNYCoreFiles\signin.exe Infected: Virus.Win32.Virut.n skipped
C:\Program Files\Movie Maker\moviemk.exe Infected: Virus.Win32.Virut.n skipped
C:\Program Files\MSN Gaming Zone\Windows\bckgzm.exe Infected: Virus.Win32.Virut.n skipped
C:\Program Files\MSN Gaming Zone\Windows\chkrzm.exe Infected: Virus.Win32.Virut.n skipped
C:\Program Files\MSN Gaming Zone\Windows\hrtzzm.exe Infected: Virus.Win32.Virut.n skipped
C:\Program Files\MSN Gaming Zone\Windows\Rvsezm.exe Infected: Virus.Win32.Virut.n skipped
C:\Program Files\MSN Gaming Zone\Windows\shvlzm.exe Infected: Virus.Win32.Virut.n skipped
C:\Program Files\MSN Gaming Zone\Windows\zClientm.exe Infected: Virus.Win32.Virut.n skipped
C:\Program Files\Napster\NapsterClient.exe Infected: Virus.Win32.Virut.n skipped
C:\Program Files\Napster\SNAPDRM.exe Infected: Virus.Win32.Virut.n skipped
C:\Program Files\Nero\Nero 7\Core\nero.exe Infected: Virus.Win32.Virut.n skipped
C:\Program Files\Nero\Nero 7\Core\NeroCmd.exe Infected: Virus.Win32.Virut.n skipped
C:\Program Files\Nero\Nero 7\Nero\Uninstall\UNNERO.exe Infected: Virus.Win32.Virut.n skipped
C:\Program Files\Nero\Nero 7\Nero BackItUp\BackItUp.exe Infected: Virus.Win32.Virut.n skipped
C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe Infected: Virus.Win32.Virut.n skipped
C:\Program Files\Nero\Nero 7\Nero BackItUp\NBSFtp.exe Infected: Virus.Win32.Virut.n skipped
C:\Program Files\Nero\Nero 7\Nero CoverDesigner\CoverDes.exe Infected: Virus.Win32.Virut.n skipped
C:\Program Files\Nero\Nero 7\Nero Fast CD-DVD Burning Plug-in\WMPBurn.exe Infected: Virus.Win32.Virut.n skipped
C:\Program Files\Nero\Nero 7\Nero Home\NeroHome.exe Infected: Virus.Win32.Virut.n skipped
C:\Program Files\Nero\Nero 7\Nero ImageDrive\ImageDrive.exe Infected: Virus.Win32.Virut.n skipped
C:\Program Files\Nero\Nero 7\Nero MediaHome\NeroMediaHome.exe Infected: Virus.Win32.Virut.n skipped
C:\Program Files\Nero\Nero 7\Nero MediaHome\NMMediaServer.exe Infected: Virus.Win32.Virut.n skipped
C:\Program Files\Nero\Nero 7\Nero Mobile\NeroMobileAd.exe Infected: Virus.Win32.Virut.n skipped
C:\Program Files\Nero\Nero 7\Nero PhotoSnap\PhotoSnap.exe Infected: Virus.Win32.Virut.n skipped
C:\Program Files\Nero\Nero 7\Nero PhotoSnap\PhotoSnapViewer.exe Infected: Virus.Win32.Virut.n skipped
C:\Program Files\Nero\Nero 7\Nero Recode\Recode.exe Infected: Virus.Win32.Virut.n skipped
C:\Program Files\Nero\Nero 7\Nero ShowTime\ShowTime.exe Infected: Virus.Win32.Virut.n skipped
C:\Program Files\Nero\Nero 7\Nero SoundTrax\SoundTrax.exe Infected: Virus.Win32.Virut.n skipped
C:\Program Files\Nero\Nero 7\Nero StartSmart\NeroStartSmart.exe Infected: Virus.Win32.Virut.n skipped
C:\Program Files\Nero\Nero 7\Nero Toolkit\CDSpeed.exe Infected: Virus.Win32.Virut.n skipped
C:\Program Files\Nero\Nero 7\Nero Toolkit\DriveSpeed.exe Infected: Virus.Win32.Virut.n skipped
C:\Program Files\Nero\Nero 7\Nero Toolkit\InfoTool.exe Infected: Virus.Win32.Virut.n skipped
C:\Program Files\Nero\Nero 7\Nero Toolkit\NeroBurnRights.exe Infected: Virus.Win32.Virut.n skipped
C:\Program Files\Nero\Nero 7\Nero Vision\NeroVision.exe Infected: Virus.Win32.Virut.n skipped
C:\Program Files\Nero\Nero 7\Nero WaveEditor\DXEnum.exe Infected: Virus.Win32.Virut.n skipped
C:\Program Files\Nero\Nero 7\Nero WaveEditor\waveedit.exe Infected: Virus.Win32.Virut.n skipped
C:\Program Files\NetMeeting\cb32.exe Infected: Virus.Win32.Virut.n skipped
C:\Program Files\NetMeeting\conf.exe Infected: Virus.Win32.Virut.n skipped
C:\Program Files\NetMeeting\wb32.exe Infected: Virus.Win32.Virut.n skipped
C:\Program Files\Outlook Express\msimn.exe Infected: Virus.Win32.Virut.n skipped
C:\Program Files\Outlook Express\oemig50.exe Infected: Virus.Win32.Virut.n skipped
C:\Program Files\Outlook Express\setup50.exe Infected: Virus.Win32.Virut.n skipped
C:\Program Files\Outlook Express\wab.exe Infected: Virus.Win32.Virut.n skipped
C:\Program Files\Outlook Express\wabmig.exe Infected: Virus.Win32.Virut.n skipped
C:\Program Files\Realtek\InstallShield\alcmtr.exe Infected: Virus.Win32.Virut.n skipped
C:\Program Files\Realtek\InstallShield\alcwzrd.exe Infected: Virus.Win32.Virut.n skipped
C:\Program Files\Realtek\InstallShield\ChCfg.exe Infected: Virus.Win32.Virut.n skipped
C:\Program Files\Realtek\InstallShield\cplutl64.exe Infected: Virus.Win32.Virut.n skipped
C:\Program Files\Realtek\InstallShield\miccal.exe Infected: Virus.Win32.Virut.n skipped
C:\Program Files\Realtek\InstallShield\rthdcpl.exe Infected: Virus.Win32.Virut.n skipped
C:\Program Files\Realtek\InstallShield\rtlcpl.exe Infected: Virus.Win32.Virut.n skipped
C:\Program Files\Realtek\InstallShield\RtlUpd.exe Infected: Virus.Win32.Virut.n skipped
C:\Program Files\Realtek\InstallShield\soundman.exe Infected: Virus.Win32.Virut.n skipped
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe Infected: Virus.Win32.Virut.n skipped
C:\Program Files\VideoLAN\VLC\vlc.exe Infected: Virus.Win32.Virut.n skipped
C:\Program Files\Viewpoint\Viewpoint Experience Technology\MtsAxInstaller.exe Infected: Virus.Win32.Virut.n skipped
C:\Program Files\Windows Media Player\migrate.exe Infected: Virus.Win32.Virut.n skipped
C:\Program Files\Windows Media Player\setup_wm.exe Infected: Virus.Win32.Virut.n skipped
C:\Program Files\Windows Media Player\wmlaunch.exe Infected: Virus.Win32.Virut.n skipped
C:\Program Files\Windows Media Player\wmpenc.exe Infected: Virus.Win32.Virut.n skipped
C:\Program Files\Windows Media Player\wmplayer.exe Infected: Virus.Win32.Virut.n skipped
C:\Program Files\Windows Media Player\wmsetsdk.exe Infected: Virus.Win32.Virut.n skipped
C:\Program Files\Windows NT\Accessories\wordpad.exe Infected: Virus.Win32.Virut.n skipped
C:\Program Files\Windows NT\dialer.exe Infected: Virus.Win32.Virut.n skipped
C:\Program Files\Windows NT\hypertrm.exe Infected: Virus.Win32.Virut.n skipped
C:\Program Files\Windows NT\Pinball\PINBALL.EXE Infected: Virus.Win32.Virut.n skipped
C:\Program Files\Windows Plus\Audio Converter\AudioConverter.exe Infected: Virus.Win32.Virut.n skipped
C:\Program Files\Windows Plus\CDLM\CDLM.exe Infected: Virus.Win32.Virut.n skipped
C:\Program Files\Windows Plus\Dancer\Dancer.exe Infected: Virus.Win32.Virut.n skipped
C:\Program Files\Windows Plus\Party Mode\PartyMode.exe Infected: Virus.Win32.Virut.n skipped
C:\QooBox\Quarantine\C\Program Files\Common Files\Yazzle1552OinAdmin.exe.vir Infected: Virus.Win32.Virut.n skipped
C:\QooBox\Quarantine\C\Program Files\Common Files\Yazzle1552OinUninstaller.exe.vir/data0001 Infected: not-a-virus:AdWare.Win32.PurityScan.gp skipped
C:\QooBox\Quarantine\C\Program Files\Common Files\Yazzle1552OinUninstaller.exe.vir NSIS: infected - 1 skipped
C:\QooBox\Quarantine\C\WINDOWS\mrofinu72.exe.vir Infected: Virus.Win32.Virut.n skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\000090.exe.vir Infected: Virus.Win32.Virut.n skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\mgmrwmrv.exe.vir Infected: not-virus:Hoax.Win32.Renos.bee skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\WINDOWS\$hf_mig$\KB834707\spuninst.exe Infected: Virus.Win32.Virut.n skipped
C:\WINDOWS\$hf_mig$\KB834707\update\update.exe Infected: Virus.Win32.Virut.n skipped
C:\WINDOWS\$hf_mig$\KB867282\spuninst.exe Infected: Virus.Win32.Virut.n skipped
C:\WINDOWS\$hf_mig$\KB867282\update\update.exe Infected: Virus.Win32.Virut.n skipped
C:\WINDOWS\$hf_mig$\KB873333\spuninst.exe Infected: Virus.Win32.Virut.n skipped
C:\WINDOWS\$hf_mig$\KB873333\update\update.exe Infected: Virus.Win32.Virut.n skipped
C:\WINDOWS\$hf_mig$\KB873339\spuninst.exe Infected: Virus.Win32.Virut.n skipped
C:\WINDOWS\$hf_mig$\KB873339\update\update.exe Infected: Virus.Win32.Virut.n skipped
C:\WINDOWS\$hf_mig$\KB885250\spuninst.exe Infected: Virus.Win32.Virut.n skipped
C:\WINDOWS\$hf_mig$\KB885250\update\update.exe Infected: Virus.Win32.Virut.n skipped
C:\WINDOWS\$hf_mig$\KB885835\spuninst.exe Infected: Virus.Win32.Virut.n skipped
C:\WINDOWS\$hf_mig$\KB885835\update\update.exe Infected: Virus.Win32.Virut.n skipped
C:\WINDOWS\$hf_mig$\KB885836\spuninst.exe Infected: Virus.Win32.Virut.n skipped
C:\WINDOWS\$hf_mig$\KB885836\update\update.exe Infected: Virus.Win32.Virut.n skipped
C:\WINDOWS\$hf_mig$\KB886185\spuninst.exe Infected: Virus.Win32.Virut.n skipped
C:\WINDOWS\$hf_mig$\KB886185\update\update.exe Infected: Virus.Win32.Virut.n skipped
C:\WINDOWS\$hf_mig$\KB887472\SP2QFE\msmsgs.exe Infected: Virus.Win32.Virut.n skipped
C:\WINDOWS\$hf_mig$\KB887472\spuninst.exe Infected: Virus.Win32.Virut.n skipped
C:\WINDOWS\$hf_mig$\KB887472\update\update.exe Infected: Virus.Win32.Virut.n skipped
C:\WINDOWS\$hf_mig$\KB888113\spuninst.exe Infected: Virus.Win32.Virut.n skipped
C:\WINDOWS\$hf_mig$\KB888113\update\update.exe Infected: Virus.Win32.Virut.n skipped
C:\WINDOWS\$hf_mig$\KB888302\spuninst.exe Infected: Virus.Win32.Virut.n skipped
C:\WINDOWS\$hf_mig$\KB888302\update\update.exe Infected: Virus.Win32.Virut.n skipped
C:\WINDOWS\$hf_mig$\KB890047\spuninst.exe Infected: Virus.Win32.Virut.n skipped
C:\WINDOWS\$hf_mig$\KB890047\update\update.exe Infected: Virus.Win32.Virut.n skipped
C:\WINDOWS\$hf_mig$\KB890175\spuninst.exe Infected: Virus.Win32.Virut.n skipped
C:\WINDOWS\$hf_mig$\KB890175\update\update.exe Infected: Virus.Win32.Virut.n skipped
C:\WINDOWS\$hf_mig$\KB891781\spuninst.exe Infected: Virus.Win32.Virut.n skipped
C:\WINDOWS\$hf_mig$\KB891781\update\update.exe Infected: Virus.Win32.Virut.n skipped
C:\WINDOWS\$hf_mig$\KB893756\update\arpidfix.exe Infected: Virus.Win32.Virut.n skipped
C:\WINDOWS\$hf_mig$\KB896428\SP2QFE\telnet.exe Infected: Virus.Win32.Virut.n skipped
C:\WINDOWS\$hf_mig$\KB896688\SP2QFE\iedw.exe Infected: Virus.Win32.Virut.n skipped
C:\WINDOWS\$hf_mig$\KB896688\update\arpidfix.exe Infected: Virus.Win32.Virut.n skipped
C:\WINDOWS\$hf_mig$\KB896727\SP2QFE\iedw.exe Infected: Virus.Win32.Virut.n skipped
C:\WINDOWS\$hf_mig$\KB896727\update\arpidfix.exe Infected: Virus.Win32.Virut.n skipped
C:\WINDOWS\$hf_mig$\KB899587\update\arpidfix.exe Infected: Virus.Win32.Virut.n skipped
C:\WINDOWS\$hf_mig$\KB899588\update\arpidfix.exe Infected: Virus.Win32.Virut.n skipped
C:\WINDOWS\$hf_mig$\KB899589\update\arpidfix.exe Infected: Virus.Win32.Virut.n skipped
C:\WINDOWS\$hf_mig$\KB899591\update\arpidfix.exe Infected: Virus.Win32.Virut.n skipped
C:\WINDOWS\$hf_mig$\KB900725\update\arpidfix.exe Infected: Virus.Win32.Virut.n skipped
C:\WINDOWS\$hf_mig$\KB901017\update\arpidfix.exe Infected: Virus.Win32.Virut.n skipped
C:\WINDOWS\$hf_mig$\KB902400\SP2QFE\migregdb.exe Infected: Virus.Win32.Virut.n skipped
C:\WINDOWS\$hf_mig$\KB902400\update\arpidfix.exe Infected: Virus.Win32.Virut.n skipped
C:\WINDOWS\$hf_mig$\KB905414\update\arpidfix.exe Infected: Virus.Win32.Virut.n skipped
C:\WINDOWS\$hf_mig$\KB905749\update\arpidfix.exe Infected: Virus.Win32.Virut.n skipped
C:\WINDOWS\$hf_mig$\KB908531\SP2QFE\verclsid.exe Infected: Virus.Win32.Virut.n skipped
C:\WINDOWS\$hf_mig$\KB922582\SP2QFE\fltmc.exe Infected: Virus.Win32.Virut.n skipped
C:\WINDOWS\$hf_mig$\KB942763\SP2QFE\tzchange.exe Infected: Virus.Win32.Virut.n skipped
C:\WINDOWS\$MSI31Uninstall_KB893803v2$\msiexec.exe Infected: Virus.Win32.Virut.n skipped
C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe Infected: Virus.Win32.Virut.n skipped
C:\WINDOWS\$NtUninstallKB896428$\telnet.exe Infected: Virus.Win32.Virut.n skipped
C:\WINDOWS\$NtUninstallKB900325$\ehmsas.exe Infected: Virus.Win32.Virut.n skipped
C:\WINDOWS\$NtUninstallKB900325$\ehrec.exe Infected: Virus.Win32.Virut.n skipped
C:\WINDOWS\$NtUninstallKB900325$\ehrecvr.exe Infected: Virus.Win32.Virut.n skipped
C:\WINDOWS\$NtUninstallKB900325$\ehsched.exe Infected: Virus.Win32.Virut.n skipped
C:\WINDOWS\$NtUninstallKB900325$\ehshell.exe Infected: Virus.Win32.Virut.n skipped
C:\WINDOWS\$NtUninstallKB900325$\ehtray.exe Infected: Virus.Win32.Virut.n skipped
C:\WINDOWS\$NtUninstallKB900325$\mcrmgr.exe Infected: Virus.Win32.Virut.n skipped
C:\WINDOWS\$NtUninstallKB900325$\medctrro.exe Infected: Virus.Win32.Virut.n skipped
C:\WINDOWS\$NtUninstallKB900325$\sbeserver.exe Infected: Virus.Win32.Virut.n skipped
C:\WINDOWS\$NtUninstallKB900325$\sonicmmburnengine.exe Infected: Virus.Win32.Virut.n skipped
C:\WINDOWS\$NtUninstallKB900325$\spuninst\spuninst.exe Infected: Virus.Win32.Virut.n skipped
C:\WINDOWS\$NtUninstallKB913800$\logagent.exe Infected: Virus.Win32.Virut.n skipped
C:\WINDOWS\$NtUninstallKB913800$\uwdf.exe Infected: Virus.Win32.Virut.n skipped
C:\WINDOWS\$NtUninstallKB913800$\wdfmgr.exe Infected: Virus.Win32.Virut.n skipped
C:\WINDOWS\$NtUninstallKB913800$\wmplayer.exe Infected: Virus.Win32.Virut.n skipped
C:\WINDOWS\$NtUninstallKB913800$\wmsetsdk.exe Infected: Virus.Win32.Virut.n skipped
C:\WINDOWS\$NtUninstallKB918899$\iedw.exe Infected: Virus.Win32.Virut.n skipped
C:\WINDOWS\$NtUninstallKB920213$\agentsvr.exe Infected: Virus.Win32.Virut.n skipped
C:\WINDOWS\$NtUninstallKB922582$\fltmc.exe Infected: Virus.Win32.Virut.n skipped
C:\WINDOWS\$NtUninstallKB930494$\aspnet_wp.exe Infected: Virus.Win32.Virut.n skipped
C:\WINDOWS\$NtUninstallKB930494$\ieexec.exe Infected: Virus.Win32.Virut.n skipped
C:\WINDOWS\$NtUninstallKB944533$\iedw.exe Infected: Virus.Win32.Virut.n skipped
C:\WINDOWS\ALCMTR.EXE Infected: Virus.Win32.Virut.n skipped
C:\WINDOWS\ALCWZRD.EXE Infected: Virus.Win32.Virut.n skipped
C:\WINDOWS\creator\CD Creator.exe Infected: Virus.Win32.Virut.n skipped
C:\WINDOWS\creator\Remind_XP.exe Infected: Virus.Win32.Virut.n skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\ehome\CreateDisc\pxhpinst.exe Infected: Virus.Win32.Virut.n skipped
C:\WINDOWS\ehome\CreateDisc\PxShare.exe Infected: Virus.Win32.Virut.n skipped
C:\WINDOWS\ehome\CreateDisc\SBEServer.exe Infected: Virus.Win32.Virut.n skipped
C:\WINDOWS\ehome\CreateDisc\SonicMMBurnEngine.exe Infected: Virus.Win32.Virut.n skipped
C:\WINDOWS\ehome\ehExtHost.exe Infected: Virus.Win32.Virut.n skipped
C:\WINDOWS\ehome\ehHelp\tenfoothelp.exe Infected: Virus.Win32.Virut.n skipped
C:\WINDOWS\ehome\ehHelp1\tenfoothelp.exe Infected: Virus.Win32.Virut.n skipped
C:\WINDOWS\ehome\EhMCXIns.exe Infected: Virus.Win32.Virut.n skipped
C:\WINDOWS\ehome\ehmsas.exe Infected: Virus.Win32.Virut.n skipped
C:\WINDOWS\ehome\ehRec.exe Infected: Virus.Win32.Virut.n skipped
C:\WINDOWS\ehome\ehRecvr.exe Infected: Virus.Win32.Virut.n skipped
C:\WINDOWS\ehome\ehSched.exe Infected: Virus.Win32.Virut.n skipped
C:\WINDOWS\ehome\ehshell.exe Infected: Virus.Win32.Virut.n skipped
C:\WINDOWS\ehome\ehtray.exe Infected: Virus.Win32.Virut.n skipped
C:\WINDOWS\ehome\mcrdsvc.exe Infected: Virus.Win32.Virut.n skipped
C:\WINDOWS\ehome\mcrmgr.exe Infected: Virus.Win32.Virut.n skipped
C:\WINDOWS\ehome\medctrro.exe Infected: Virus.Win32.Virut.n skipped
C:\WINDOWS\ehome\RegisterMCEApp.exe Infected: Virus.Win32.Virut.n skipped
C:\WINDOWS\erdnt\Hiv-backup\ERDNT.EXE Infected: Virus.Win32.Virut.n skipped
C:\WINDOWS\explorer.exe Infected: Virus.Win32.Virut.n skipped
C:\WINDOWS\hh.exe Infected: Virus.Win32.Virut.n skipped
C:\WINDOWS\I386\alf\MFU_US.EXE Infected: Virus.Win32.Virut.n skipped
C:\WINDOWS\I386\EXPAND.EXE Infected: Virus.Win32.Virut.n skipped
C:\WINDOWS\I386\FAXPATCH.EXE Infected: Virus.Win32.Virut.n skipped
C:\WINDOWS\I386\NETSETUP.EXE Infected: Virus.Win32.Virut.n skipped
C:\WINDOWS\I386\NTSD.EXE Infected: Virus.Win32.Virut.n skipped
C:\WINDOWS\I386\REGEDIT.EXE Infected: Virus.Win32.Virut.n skipped
C:\WINDOWS\I386\SPNPINST.EXE Infected: Virus.Win32.Virut.n skipped
C:\WINDOWS\I386\SYSPARSE.EXE Infected: Virus.Win32.Virut.n skipped
C:\WINDOWS\I386\TELNET.EXE Infected: Virus.Win32.Virut.n skipped
C:\WINDOWS\I386\WINNT32.EXE Infected: Virus.Win32.Virut.n skipped
C:\WINDOWS\inf\unregmp2.exe Infected: Virus.Win32.Virut.n skipped
C:\WINDOWS\Installer\{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}\places.exe Infected: Virus.Win32.Virut.n skipped
C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\cagicon.exe Infected: Virus.Win32.Virut.n skipped
C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\misc.exe Infected: Virus.Win32.Virut.n skipped
C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\mspicons.exe Infected: Virus.Win32.Virut.n skipped
C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\oisicon.exe Infected: Virus.Win32.Virut.n skipped
C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\opwicon.exe Infected: Virus.Win32.Virut.n skipped
C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\outicon.exe Infected: Virus.Win32.Virut.n skipped
C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\pptico.exe Infected: Virus.Win32.Virut.n skipped
C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\unbndico.exe Infected: Virus.Win32.Virut.n skipped
C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\wordicon.exe Infected: Virus.Win32.Virut.n skipped
C:\WINDOWS\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\xlicons.exe Infected: Virus.Win32.Virut.n skipped
C:\WINDOWS\IsUninst.exe Infected: Virus.Win32.Virut.n skipped
C:\WINDOWS\KB913800.log Object is locked skipped
C:\WINDOWS\KB913800Uninst.log Object is locked skipped
C:\WINDOWS\LastGood\system32\spool\DRIVERS\W32X86\hewlett_packardpsc_1ad78\hpzcfg07.exe Infected: Virus.Win32.Virut.n skipped
C:\WINDOWS\LastGood\system32\spool\DRIVERS\W32X86\hewlett_packardpsc_1ad78\hpzcin06.exe Infected: Virus.Win32.Virut.n skipped
C:\WINDOWS\LastGood\system32\spool\DRIVERS\W32X86\hewlett_packardpsc_1ad78\hpzeng07.exe Infected: Virus.Win32.Virut.n skipped
C:\WINDOWS\LastGood\system32\spool\DRIVERS\W32X86\hewlett_packardpsc_1ad78\hpzpre07.exe Infected: Virus.Win32.Virut.n skipped
C:\WINDOWS\LastGood\system32\spool\DRIVERS\W32X86\hewlett_packardpsc_1ad78\hpzstc07.exe Infected: Virus.Win32.Virut.n skipped
C:\WINDOWS\LastGood\system32\spool\DRIVERS\W32X86\hewlett_packardpsc_1ad78\hpzstw07.exe Infected: Virus.Win32.Virut.n skipped
C:\WINDOWS\LastGood\system32\spool\DRIVERS\W32X86\hewlett_packardpsc_1ad78\hpztbu07.exe Infected: Virus.Win32.Virut.n skipped
C:\WINDOWS\LastGood\system32\spool\DRIVERS\W32X86\hewlett_packardpsc_1ad78\hpztbx07.exe Infected: Virus.Win32.Virut.n skipped
C:\WINDOWS\MicCal.exe Infected: Virus.Win32.Virut.n skipped
C:\WINDOWS\Microsoft.NET\Framework\NETFXSBS10.exe Infected: Virus.Win32.Virut.n skipped
C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\aspnet_regiis.exe Infected: Virus.Win32.Virut.n skipped
C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\aspnet_state.exe Infected: Virus.Win32.Virut.n skipped
C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\aspnet_wp.exe Infected: Virus.Win32.Virut.n skipped
C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\CasPol.exe Infected: Virus.Win32.Virut.n skipped
C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\ConfigWizards.exe Infected: Virus.Win32.Virut.n skipped
C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\Copy2Gac.exe Infected: Virus.Win32.Virut.n skipped
C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\csc.exe Infected: Virus.Win32.Virut.n skipped
C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\cvtres.exe Infected: Virus.Win32.Virut.n skipped
C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\gacutil.exe Infected: Virus.Win32.Virut.n skipped
C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\IEExec.exe Infected: Virus.Win32.Virut.n skipped
C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\ilasm.exe Infected: Virus.Win32.Virut.n skipped
C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\InstallUtil.exe Infected: Virus.Win32.Virut.n skipped
C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\jsc.exe Infected: Virus.Win32.Virut.n skipped
C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\netfxupdate.exe Infected: Virus.Win32.Virut.n skipped
C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\ngen.exe Infected: Virus.Win32.Virut.n skipped
C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\RegAsm.exe Infected: Virus.Win32.Virut.n skipped
C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\RegSvcs.exe Infected: Virus.Win32.Virut.n skipped
C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\SetRegNI.exe Infected: Virus.Win32.Virut.n skipped
C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\ToGac.exe Infected: Virus.Win32.Virut.n skipped
C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\vbc.exe Infected: Virus.Win32.Virut.n skipped
C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_regiis.exe Infected: Virus.Win32.Virut.n skipped
C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe Infected: Virus.Win32.Virut.n skipped
C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe Infected: Virus.Win32.Virut.n skipped
C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\CasPol.exe Infected: Virus.Win32.Virut.n skipped
C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\ConfigWizards.exe Infected: Virus.Win32.Virut.n skipped
C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\csc.exe Infected: Virus.Win32.Virut.n skipped
C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\cvtres.exe Infected: Virus.Win32.Virut.n skipped
C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\gacutil.exe Infected: Virus.Win32.Virut.n skipped
C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\IEExec.exe Infected: Virus.Win32.Virut.n skipped
C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\ilasm.exe Infected: Virus.Win32.Virut.n skipped
C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\InstallUtil.exe Infected: Virus.Win32.Virut.n skipped
C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\jsc.exe Infected: Virus.Win32.Virut.n skipped
C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\MigPol.exe Infected: Virus.Win32.Virut.n skipped
C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\MigPolWin.exe Infected: Virus.Win32.Virut.n skipped
C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\netfxupdate.exe Infected: Virus.Win32.Virut.n skipped
C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\ngen.exe Infected: Virus.Win32.Virut.n skipped
C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\RegAsm.exe Infected: Virus.Win32.Virut.n skipped
C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\RegSvcs.exe Infected: Virus.Win32.Virut.n skipped
C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe Infected: Virus.Win32.Virut.n skipped
C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\vbc.exe Infected: Virus.Win32.Virut.n skipped
C:\WINDOWS\msagent\agentsvr.exe Infected: Virus.Win32.Virut.n skipped
C:\WINDOWS\mui\muisetup.exe Infected: Virus.Win32.Virut.n skipped
C:\WINDOWS\Nircmd.exe Infected: Virus.Win32.Virut.n skipped
C:\WINDOWS\NOTEPAD.EXE Infected: Virus.Win32.Virut.n skipped
C:\WINDOWS\OPTIONS\AOLicon.EXE Infected: Virus.Win32.Virut.n skipped
C:\WINDOWS\OPTIONS\OemReset.exe Infected: Virus.Win32.Virut.n skipped
C:\WINDOWS\OPTIONS\shipaol.EXE Infected: Virus.Win32.Virut.n skipped
C:\WINDOWS\pchealth\helpctr\binaries\HelpCtr.exe Infected: Virus.Win32.Virut.n skipped
C:\WINDOWS\pchealth\helpctr\binaries\HelpHost.exe Infected: Virus.Win32.Virut.n skipped
C:\WINDOWS\pchealth\helpctr\binaries\HelpSvc.exe Infected: Virus.Win32.Virut.n skipped
C:\WINDOWS\pchealth\helpctr\binaries\HscUpd.exe Infected: Virus.Win32.Virut.n skipped
C:\WINDOWS\pchealth\helpctr\binaries\msconfig.exe Infected: Virus.Win32.Virut.n skipped
C:\WINDOWS\pchealth\helpctr\binaries\notiflag.exe Infected: Virus.Win32.Virut.n skipped
C:\WINDOWS\pchealth\UploadLB\Binaries\UploadM.exe Infected: Virus.Win32.Virut.n skipped
C:\WINDOWS\regedit.exe Infected: Virus.Win32.Virut.n skipped
C:\WINDOWS\RegisteredPackages\{981FB688-E76B-4246-987B-92083185B90A}\uwdf.exe Infected: Virus.Win32.Virut.n skipped
C:\WINDOWS\RegisteredPackages\{981FB688-E76B-4246-987B-92083185B90A}\wdfmgr.exe Infected: Virus.Win32.Virut.n skipped
C:\WINDOWS\RegisteredPackages\{981FB688-E76B-4246-987B-92083185B90A}$BACKUP$\System\uwdf.exe Infected: Virus.Win32.Virut.n skipped
C:\WINDOWS\RegisteredPackages\{981FB688-E76B-4246-987B-92083185B90A}$BACKUP$\System\wdfmgr.exe Infected: Virus.Win32.Virut.n skipped
C:\WINDOWS\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\logagent.exe Infected: Virus.Win32.Virut.n skipped
C:\WINDOWS\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}$BACKUP$\System\logagent.exe Infected: Virus.Win32.Virut.n skipped
C:\WINDOWS\Registration\{02D4B3F1-FD88-11D1-960D-00805FC79235}.{D4085847-FBC6-4541-A0C1-8FEE733D5CC9}.crmlog Object is locked skipped
C:\WINDOWS\RTHDCPL.EXE Infected: Virus.Win32.Virut.n skipped
C:\WINDOWS\RTLCPL.EXE Infected: Virus.Win32.Virut.n skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SMINST\INSTALL_APP.EXE Infected: Virus.Win32.Virut.n skipped
C:\WINDOWS\SMINST\Recguard.exe Infected: Virus.Win32.Virut.n skipped
C:\WINDOWS\SMINST\START.EXE Infected: Virus.Win32.Virut.n skipped
C:\WINDOWS\SoftwareDistribution\Download\0fd33c77398fa2b50df56456525ef5c3\

#10
KenGuy5472

And here is the rest of the log, which is still very long even though I removed many entries:

sp2gdr\spoolsv.exe Infected: Virus.Win32.Virut.n skipped
C:\WINDOWS\SoftwareDistribution\Download\0fd33c77398fa2b50df56456525ef5c3\sp2qfe\spoolsv.exe Infected: Virus.Win32.Virut.n skipped
C:\WINDOWS\SoftwareDistribution\Download\0fd33c77398fa2b50df56456525ef5c3\update\arpidfix.exe Infected: Virus.Win32.Virut.n skipped
C:\WINDOWS\SoftwareDistribution\Download\35d340428a8f32f0a91986e753c6e613\spuninst.exe Infected: Virus.Win32.Virut.n skipped
C:\WINDOWS\SoftwareDistribution\Download\35d340428a8f32f0a91986e753c6e613\update\update.exe Infected: Virus.Win32.Virut.n skipped
C:\WINDOWS\SoftwareDistribution\Download\44d74c37f0595a363bcec5e9229d8564\sp2gdr\explorer.exe Infected: Virus.Win32.Virut.n skipped
C:\WINDOWS\SoftwareDistribution\Download\44d74c37f0595a363bcec5e9229d8564\sp2qfe\explorer.exe Infected: Virus.Win32.Virut.n skipped
C:\WINDOWS\SoftwareDistribution\Download\6d16348987bfa3ee3fd983361ac371cb\sp2gdr\tzchange.exe Infected: Virus.Win32.Virut.n skipped
C:\WINDOWS\SoftwareDistribution\Download\6d16348987bfa3ee3fd983361ac371cb\sp2qfe\tzchange.exe Infected: Virus.Win32.Virut.n skipped
C:\WINDOWS\SoftwareDistribution\Download\7aadf3cf193167a4072448418a735b3b\ehrecvr.exe Infected: Virus.Win32.Virut.n skipped
C:\WINDOWS\SoftwareDistribution\Download\7aadf3cf193167a4072448418a735b3b\ehshell.exe Infected: Virus.Win32.Virut.n skipped
C:\WINDOWS\SoftwareDistribution\Download\86a5d4ec598b957d3e4d2a7951b2c258\sp2qfe\agentsvr.exe Infected: Virus.Win32.Virut.n skipped
C:\WINDOWS\SoftwareDistribution\Download\8bc88a7fbc35ebd8d6b9dff49c373dd7\sp2gdr\hh.exe Infected: Virus.Win32.Virut.n skipped
C:\WINDOWS\SoftwareDistribution\Download\8bc88a7fbc35ebd8d6b9dff49c373dd7\sp2qfe\hh.exe Infected: Virus.Win32.Virut.n skipped
C:\WINDOWS\SoftwareDistribution\Download\9bb1c2b224abbb64312873e5c8754091\aspnet_wp.exe Infected: Virus.Win32.Virut.n skipped
C:\WINDOWS\SoftwareDistribution\Download\9bb1c2b224abbb64312873e5c8754091\gacutil.exe Infected: Virus.Win32.Virut.n skipped
C:\WINDOWS\SoftwareDistribution\Download\9bb1c2b224abbb64312873e5c8754091\ieexec.exe Infected: Virus.Win32.Virut.n skipped
C:\WINDOWS\SoftwareDistribution\Download\9bb1c2b224abbb64312873e5c8754091\netfxupdate.exe Infected: Virus.Win32.Virut.n skipped
C:\WINDOWS\SoftwareDistribution\Download\9bb1c2b224abbb64312873e5c8754091\setregni.exe Infected: Virus.Win32.Virut.n skipped
C:\WINDOWS\SoftwareDistribution\Download\9bb1c2b224abbb64312873e5c8754091\togac.exe Infected: Virus.Win32.Virut.n skipped
C:\WINDOWS\SoftwareDistribution\Download\9bb1c2b224abbb64312873e5c8754091\update\preinstall.exe Infected: Virus.Win32.Virut.n skipped
C:\WINDOWS\SoftwareDistribution\Download\ad9c4c2a779933f83b51a49a2c88838d\msiexec.exe Infected: Virus.Win32.Virut.n skipped
C:\WINDOWS\SoftwareDistribution\Download\b386176bfcde202f7ed536e83198267a\sp2gdr\iedw.exe Infected: Virus.Win32.Virut.n skipped
C:\WINDOWS\SoftwareDistribution\Download\b386176bfcde202f7ed536e83198267a\sp2qfe\iedw.exe Infected: Virus.Win32.Virut.n skipped
C:\WINDOWS\SoftwareDistribution\Download\b7034e5647114d3cbed18f43ed16cf71\kb913800.exe Infected: Virus.Win32.Virut.n skipped
C:\WINDOWS\SoftwareDistribution\Download\b7034e5647114d3cbed18f43ed16cf71\logagent.exe Infected: Virus.Win32.Virut.n skipped
C:\WINDOWS\SoftwareDistribution\Download\b7034e5647114d3cbed18f43ed16cf71\uwdf.exe Infected: Virus.Win32.Virut.n skipped
C:\WINDOWS\SoftwareDistribution\Download\b7034e5647114d3cbed18f43ed16cf71\wdfmgr.exe Infected: Virus.Win32.Virut.n skipped
C:\WINDOWS\SoftwareDistribution\Download\b7034e5647114d3cbed18f43ed16cf71\wmplayer.exe Infected: Virus.Win32.Virut.n skipped
C:\WINDOWS\SoftwareDistribution\Download\b7034e5647114d3cbed18f43ed16cf71\wmsetsdk.exe Infected: Virus.Win32.Virut.n skipped
C:\WINDOWS\SoftwareDistribution\Download\cb2769f3b1daf367a31ed046299a3790\sp2gdr\verclsid.exe Infected: Virus.Win32.Virut.n skipped
C:\WINDOWS\SoftwareDistribution\Download\cb2769f3b1daf367a31ed046299a3790\sp2qfe\verclsid.exe Infected: Virus.Win32.Virut.n skipped
C:\WINDOWS\SoftwareDistribution\Download\ee626d72680ff2619246a1cf5516f892\sp2gdr\telnet.exe Infected: Virus.Win32.Virut.n skipped
C:\WINDOWS\SoftwareDistribution\Download\ee626d72680ff2619246a1cf5516f892\sp2qfe\telnet.exe Infected: Virus.Win32.Virut.n skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\SOUNDMAN.EXE Infected: Virus.Win32.Virut.n skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\accwiz.exe Infected: Virus.Win32.Virut.n skipped
C:\WINDOWS\system32\actmovie.exe Infected: Virus.Win32.Virut.n skipped
C:\WINDOWS\system32\ahui.exe Infected: Virus.Win32.Virut.n skipped
C:\WINDOWS\system32\alg.exe Infected: Virus.Win32.Virut.n skipped
C:\WINDOWS\system32\arp.exe Infected: Virus.Win32.Virut.n skipped
C:\WINDOWS\system32\asr_fmt.exe Infected: Virus.Win32.Virut.n skipped
C:\WINDOWS\system32\asr_ldm.exe Infected: Virus.Win32.Virut.n skipped
C:\WINDOWS\system32\asr_pfu.exe Infected: Virus.Win32.Virut.n skipped
C:\WINDOWS\system32\at.exe Infected: Virus.Win32.Virut.n skipped
C:\WINDOWS\system32\atmadm.exe Infected: Virus.Win32.Virut.n skipped
C:\WINDOWS\system32\attrib.exe Infected: Virus.Win32.Virut.n skipped
C:\WINDOWS\system32\auditusr.exe Infected: Virus.Win32.Virut.n skipped
C:\WINDOWS\system32\blastcln.exe Infected: Virus.Win32.Virut.n skipped
C:\WINDOWS\system32\bootcfg.exe Infected: Virus.Win32.Virut.n skipped
C:\WINDOWS\system32\bootok.exe Infected: Virus.Win32.Virut.n skipped
C:\WINDOWS\system32\bootvrfy.exe Infected: Virus.Win32.Virut.n skipped
C:\WINDOWS\system32\cacls.exe Infected: Virus.Win32.Virut.n skipped
C:\WINDOWS\system32\calc.exe Infected: Virus.Win32.Virut.n skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\CF22693.exe Infected: Virus.Win32.Virut.n skipped
C:\WINDOWS\system32\CF4791.exe Infected: Virus.Win32.Virut.n skipped
C:\WINDOWS\system32\charmap.exe Infected: Virus.Win32.Virut.n skipped
C:\WINDOWS\system32\ChCfg.exe Infected: Virus.Win32.Virut.n skipped
C:\WINDOWS\system32\chkdsk.exe Infected: Virus.Win32.Virut.n skipped
C:\WINDOWS\system32\chkntfs.exe Infected: Virus.Win32.Virut.n skipped
C:\WINDOWS\system32\cidaemon.exe Infected: Virus.Win32.Virut.n skipped
C:\WINDOWS\system32\cipher.exe Infected: Virus.Win32.Virut.n skipped
C:\WINDOWS\system32\cisvc.exe Infected: Virus.Win32.Virut.n skipped
C:\WINDOWS\system32\ckcnv.exe Infected: Virus.Win32.Virut.n skipped
C:\WINDOWS\system32\cleanmgr.exe Infected: Virus.Win32.Virut.n skipped
C:\WINDOWS\system32\cliconfg.exe Infected: Virus.Win32.Virut.n skipped
C:\WINDOWS\system32\clipbrd.exe Infected: Virus.Win32.Virut.n skipped
C:\WINDOWS\system32\clipsrv.exe Infected: Virus.Win32.Virut.n skipped
C:\WINDOWS\system32\cmd.exe Infected: Virus.Win32.Virut.n skipped
C:\WINDOWS\system32\cmdl32.exe Infected: Virus.Win32.Virut.n skipped
C:\WINDOWS\system32\cmmon32.exe Infected: Virus.Win32.Virut.n skipped
C:\WINDOWS\system32\cmstp.exe Infected: Virus.Win32.Virut.n skipped
C:\WINDOWS\system32\Com\comrepl.exe Infected: Virus.Win32.Virut.n skipped
C:\WINDOWS\system32\Com\comrereg.exe Infected: Virus.Win32.Virut.n skipped
C:\WINDOWS\system32\comp.exe Infected: Virus.Win32.Virut.n skipped
C:\WINDOWS\system32\compact.exe Infected: Virus.Win32.Virut.n skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Media Ce.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped

Scan process completed.

#11
kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
BAD news: all of those entries are legitimate files that are infected.
We could attempt to clean it, but I am afraid you will have to reinstall on this one.
Virut is a bad file infector virus that has totally and almost completely overwritten all of your files.
In this case the only way out is a full re-install.
Even if we try to clean this virus, your Windows will almost certainly be unusable.

If you would still like to try to kill this infection, we can try, but I don't have high hopes.
Let me know what you decide.

#12
KenGuy5472

    New Member

  • Topic Starter
  • Member
  • Pip
  • 7 posts
Hmmmm.........
Well, that really is bad news; I was hoping to be able to keep some files.
I knew about Virut and what it can do, but I was hoping there would be some way to get all my files back to an uninfected state.
I don't think just one visit to a game site caused this, however. I think Virut has been sitting in the drive since before I restored this PC, and the older legitimate files weren't deleted in time, meaning tons of files got infected.
I guess if what you say is true, and I can believe that it spread pretty far, then I'll just have to do a drive-wipe install and hope all traces of it will disappear, and I'll make a list of the programs installed right now so I can reinstall them later.
At least there wasn't too much on here to worry about having to keep.

Well kahdah, thank you so much for trying your best and taking your time to help me with disinfection, but I guess I let the virus get the best of me.
I'll be sure to be much more careful in the future, and I'll just leave it to reinstall Windows overnight.
Thanks for your responses!
-Ken.

EDIT: Just one quick question before I go.
On analyzing the complete log file, I found that it only infected my Program Files, WINDOWS files (which definitely affected my computer, since those files are opened all the time), and System Volume Information files, as well as only a few documents. Do you think it would be safe to burn all uninfected important files and documents and pictures to an 8.5 DL DVD to copy all the files over to this drive, after formatting it and reinstalling Windows?

Edited by KenGuy5472, 17 March 2008 - 08:00 PM.


#13
kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
You are welcome.
Maybe you can quickly burn the items you are talking about, but I wouldn't advise it, as it spreads very quickly and runs when your computer is on.
So there is a chance for it to have already infected those "unaffected files". The choice is yours, but I do not recommend it.
===================================================================
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.